Lucene search

MitreCVELIST:CVE-2024-33109

HistorySep 19, 2024 - 12:00 a.m.

CVE-2024-33109

2024-09-1900:00:00

mitre

www.cve.org

cve-2024-33109

directory traversal

tiptel ip 286

firmware 2.61.13.10

overwrite files

ringtone upload

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

EPSS

0.001

Percentile

39.9%

JSON

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.

References

tiptel.com

www.bdosecurity.de/en-gb/advisories/cve-2024-33109

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

EPSS

0.001

Percentile

39.9%

JSON

Related for CVELIST:CVE-2024-33109