Vulnerabilities > CVE-2004-1680 - Remote Denial Of Service vulnerability in Pingtel Xpressa Handset

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

pingtel

NVD

Published: 2004-09-13

Updated: 2017-07-11

Summary

application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.

Vulnerable Configurations

Part	Description	Count
Hardware	Pingtel Pingtel Xpressa 1.2.5 Pingtel Xpressa 1.2.7.4 Pingtel Xpressa 1.2.8 Pingtel Xpressa 2.0 Pingtel Xpressa 2.0.1 Pingtel Xpressa 2.1.11.24	6

References

http://secunia.com/advisories/12523
http://www.atstake.com/research/advisories/2004/a091304-2.txt
http://www.securityfocus.com/bid/11161
https://exchange.xforce.ibmcloud.com/vulnerabilities/17346