Lucene search

[email protected]NVD:CVE-2024-33109

HistorySep 19, 2024 - 7:15 p.m.

CVE-2024-33109

2024-09-1919:15:24

CWE-22

[email protected]

web.nvd.nist.gov

cve-2024-33109

web interface

tiptel ip 286

firmware version 2.61.13.10

overwrite files

ringtone upload function

security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.9%

JSON

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.

Affected configurations

Nvd

Node

ergophonetiptel_ip_286_firmwareRange≤2.61.13.10

AND

ergophonetiptel_ip_286Match-

Node

yealinksip-t28p_firmwareRange≤2.61.13.10

AND

yealinksip-t28pMatch-

VendorProductVersionCPE
ergophonetiptel_ip_286_firmware*cpe:2.3:o:ergophone:tiptel_ip_286_firmware:*:*:*:*:*:*:*:*
ergophonetiptel_ip_286-cpe:2.3:h:ergophone:tiptel_ip_286:-:*:*:*:*:*:*:*
yealinksip-t28p_firmware*cpe:2.3:o:yealink:sip-t28p_firmware:*:*:*:*:*:*:*:*
yealinksip-t28p-cpe:2.3:h:yealink:sip-t28p:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ergophone	tiptel_ip_286_firmware	*	cpe:2.3:o:ergophone:tiptel_ip_286_firmware::::::::
ergophone	tiptel_ip_286	-	cpe:2.3:h:ergophone:tiptel_ip_286:-:::::::*
yealink	sip-t28p_firmware	*	cpe:2.3:o:yealink:sip-t28p_firmware::::::::
yealink	sip-t28p	-	cpe:2.3:h:yealink:sip-t28p:-:::::::*

References

tiptel.com

www.bdosecurity.de/en-gb/advisories/cve-2024-33109

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.9%

JSON

Related for NVD:CVE-2024-33109

vulnrichment1 cve1 cvelist1