CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
39.9%
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.
Vendor | Product | Version | CPE |
---|---|---|---|
ergophone | tiptel_ip_286_firmware | * | cpe:2.3:o:ergophone:tiptel_ip_286_firmware:*:*:*:*:*:*:*:* |
ergophone | tiptel_ip_286 | - | cpe:2.3:h:ergophone:tiptel_ip_286:-:*:*:*:*:*:*:* |
yealink | sip-t28p_firmware | * | cpe:2.3:o:yealink:sip-t28p_firmware:*:*:*:*:*:*:*:* |
yealink | sip-t28p | - | cpe:2.3:h:yealink:sip-t28p:-:*:*:*:*:*:*:* |