It's time to junk your Cisco SPA300 and SPA500 IP phones
Briefly

The flaws stem from the lack of HTTP packet error checks, enabling attackers to trigger a buffer overflow and execute commands with root access.
Additional vulnerabilities in the phones, rated 7.8, allow for denial of service attacks but not code execution. Despite these issues, Cisco will not release updates as the devices are at end-of-life.
Read at Theregister
[
|
]