Vulnerabilities > Pingtel > Xpressa

DATE CVE VULNERABILITY TITLE RISK

2004-09-13 CVE-2004-1680 Remote Denial Of Service vulnerability in Pingtel Xpressa Handset
application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.
Risk: network, low complexity, 5.0 (vendor: pingtel)

2003-02-19 CVE-2002-0669 Denial-Of-Service vulnerability in Xpressa 1.2.5/1.2.7.4
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.
Risk: network, low complexity, 5.0 (vendor: pingtel)

2002-07-23 CVE-2002-0675 Unspecified vulnerability in Pingtel Xpressa 1.2.5/1.2.7.4
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.
Risk: local, low complexity, 4.6 (vendor: pingtel)

2002-07-23 CVE-2002-0674 Unspecified vulnerability in Pingtel Xpressa 1.2.5/1.2.7.4
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.
Risk: local, low complexity, 7.2 (vendor: pingtel)

2002-07-23 CVE-2002-0673 Cross-Site Request Forgery vulnerability in Xpressa 1.2.5/1.2.7.4
The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions.
Risk: local, low complexity, 4.6 (vendor: pingtel)

2002-07-23 CVE-2002-0672 Local Security vulnerability in Xpressa 1.2.5/1.2.7.4
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null.
Risk: local, low complexity, 4.6 (vendor: pingtel)

2002-07-23 CVE-2002-0670 Remote Security vulnerability in Xpressa 1.2.5/1.2.7.4
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.
Risk: network, low complexity, 7.5 (vendor: pingtel)

2002-07-23 CVE-2002-0668 Remote Security vulnerability in Xpressa 1.2.5/1.2.7.4
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.
Risk: network, low complexity, 7.5 (vendor: pingtel)

2002-07-23 CVE-2002-0667 Unspecified vulnerability in Pingtel Xpressa 1.2.5/1.2.7.4
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.
Risk: network, low complexity, critical, 10.0 (vendor: pingtel)