Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pingtel vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2004-1680
application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.
Pingtel Xpressa 1.2.5
Pingtel Xpressa 2.0
Pingtel Xpressa 2.0.1
Pingtel Xpressa 2.1.11.24
Pingtel Xpressa 1.2.7.4
Pingtel Xpressa 1.2.8
5
CVSSv2
CVE-2002-1934
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 up to and including 2.0.1 leaks sensitive information during boot-up, which allows malicious users to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.
Pingtel Xpressa 2.0
Pingtel Xpressa 1.2.8
Pingtel Xpressa 1.2.7.4
Pingtel Xpressa 1.2.5
Pingtel Xpressa 2.0.1
5
CVSSv2
CVE-2002-1935
Pingtel Xpressa 1.2.5 up to and including 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote malicious users to avoid registering with the SIP registrar.
Pingtel Xpressa 2.0
Pingtel Xpressa 1.2.8
Pingtel Xpressa 1.2.7.4
Pingtel Xpressa 1.2.5
Pingtel Xpressa 2.0.1
10
CVSSv2
CVE-2002-0667
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 up to and including 1.2.7.4 has a default null administrator password, which could allow remote malicious users to gain access to the phone.
Pingtel Xpressa 1.2.7.4
Pingtel Xpressa 1.2.5
7.5
CVSSv2
CVE-2002-0668
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 up to and including 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.
Pingtel Xpressa 1.2.5
Pingtel Xpressa 1.2.7.4
5
CVSSv2
CVE-2002-0669
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 up to and including 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when a...
Pingtel Xpressa 1.2.5
Pingtel Xpressa 1.2.7.4
7.5
CVSSv2
CVE-2002-0670
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 up to and including 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote malicious users to steal and easily decode the passwords via sniffing.
Pingtel Xpressa 1.2.5
Pingtel Xpressa 1.2.7.4
7.5
CVSSv2
CVE-2002-0671
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 up to and including 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote malicious users to install Trojan horse applications via DNS spoofing.
Pingtel Xpressa Firmware 1.2.5
Pingtel Xpressa Firmware 1.2.7.4
4.6
CVSSv2
CVE-2002-0672
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 up to and including 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null.
Pingtel Xpressa 1.2.5
Pingtel Xpressa 1.2.7.4
4.6
CVSSv2
CVE-2002-0673
The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 up to and including 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthoriz...
Pingtel Xpressa 1.2.5
Pingtel Xpressa 1.2.7.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744
privilege escalation
CVE-2024-30253
CVE-2024-3914
cross-site scripting
CVE-2024-31497
CVE-2024-3400
CVE-2024-32341
hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »