Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 up to and including 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote malicious users to install Trojan horse applications via DNS spoofing.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pingtel xpressa_firmware 1.2.5 |
||
pingtel xpressa_firmware 1.2.7.4 |