Vulnerabilities > Pingtel > Xpressa
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2004-09-13 | CVE-2004-1680 | Remote Denial Of Service vulnerability in Pingtel Xpressa Handset | application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow. | 5.0 |
2003-02-19 | CVE-2002-0669 | Denial-Of-Service vulnerability in Xpressa 1.2.5/1.2.7.4 | The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs. | 5.0 |
2002-07-23 | CVE-2002-0675 | Unspecified vulnerability in Pingtel Xpressa 1.2.5/1.2.7.4 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone. | 4.6 |
2002-07-23 | CVE-2002-0674 | Unspecified vulnerability in Pingtel Xpressa 1.2.5/1.2.7.4 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication. | 7.2 |
2002-07-23 | CVE-2002-0673 | Cross-Site Request Forgery vulnerability in Xpressa 1.2.5/1.2.7.4 | The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions. | 4.6 |
2002-07-23 | CVE-2002-0672 | Local Security vulnerability in Xpressa 1.2.5/1.2.7.4 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null. | 4.6 |
2002-07-23 | CVE-2002-0670 | Remote Security vulnerability in Xpressa 1.2.5/1.2.7.4 | The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing. | 7.5 |
2002-07-23 | CVE-2002-0668 | Remote Security vulnerability in Xpressa 1.2.5/1.2.7.4 | The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls. | 7.5 |
2002-07-23 | CVE-2002-0667 | Unspecified vulnerability in Pingtel Xpressa 1.2.5/1.2.7.4 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone. | 10.0 |