CRITICAL✓ PATCH🇬🇧 English

CVE-2002-0671

CVSS 9.8v3.1pub. 2002-07-23upd. 2026-04-16

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pingtel Xpressa

    HW
    Pingtel
    wszystkie wersje
  • Pingtel Xpressa Firmware

    OS
    Pingtel
    1.2.51.2.7.4
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2002-0674HIGH7.2ten sam produkt

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administra...

CVE-2002-0667HIGH10.0ten sam produkt

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password,...

CVE-2002-0670HIGH7.5ten sam produkt

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded ...

CVE-2002-0668HIGH7.5ten sam produkt

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated...

CVE-2004-1680MEDIUM5.0ten sam produkt

application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to...