CVE Tools

pingtel

Communicationscommercial

11

Cumulative CVEs

5

Monthly snapshots

#12

Peak rank

Top products

Latest CVEs

The 12 most recently published vulnerabilities affecting pingtel.

CVE-2002-1935Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers ...5.0Jun 28, 2005
CVE-2002-1934Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the ph...5.0Jun 28, 2005
CVE-2004-1680application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly tri...5.0Feb 20, 2005
CVE-2002-0674Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the admi...7.2Sep 1, 2004
CVE-2002-0673The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the pho...4.6Sep 1, 2004
CVE-2002-0672Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which se...4.6Sep 1, 2004
CVE-2002-0668The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.7.5Sep 1, 2004
CVE-2002-0671Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attac...9.8Apr 2, 2003
CVE-2002-0669The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force ...5.0Feb 11, 2003
CVE-2002-0675Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.4.6Jul 15, 2002
CVE-2002-0670The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to...7.5Jul 15, 2002
CVE-2002-0667Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.10.0Jul 15, 2002