Lucene search
K
PingtelXpressa

11 matches found

CVE
CVE
added 2005/06/28 4:0 a.m.58 views

CVE-2002-1935

Pingtel Xpressa versions 1.2.5 through 2.0.1 are affected by CVE-2002-1935 due to predictable Call-ID, CSeq, and To/From SIP URL values in SIP requests, which can let remote attackers avoid registering with the SIP registrar. The root cause is the lack of randomness in SIP identifiers, enabling a...

5CVSS7AI score0.01351EPSS
CVE
CVE
added 2002/07/15 4:0 a.m.53 views

CVE-2002-0670

The CVE-2002-0670 issue affects Pingtel xpressa SIP phones (software versions 1.2.5–1.2.7.4). The web interface uses HTTP Basic authentication with Base64-encoded credentials, allowing remote attackers to sniff and decode usernames/passwords in transit. Documents confirm the risk is tied to unenc...

7.5CVSS6.8AI score0.01635EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.52 views

CVE-2002-0668

The CVE-2002-0668 issue affects Pingtel xpressa SIP phones (software versions 1.2.5–1.2.7.4). A web interface vulnerability allows an authenticated user to modify Call Forwarding settings, hijacking calls by redirecting them to another SIP URL or number. The root cause is exposure of administrati...

7.5CVSS6.4AI score0.01326EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.50 views

CVE-2002-0672

The CVE-2002-0672 entry concerns Pingtel xpressa SIP phones (versions 1.2.5–1.2.7.4) where the administrator password is null due to a factory reset without authentication via the GUI. The linked advisory and CVE records detail multiple issues affecting PX-1 devices, including local/remote admini...

4.6CVSS6.6AI score0.00354EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.47 views

CVE-2002-0673

CVE-2002-0673 concerns Pingtel xpressa SIP phones (PX-1, software 1.2.5–1.2.7.4). The vulnerability enables attackers with physical access to log out the current user via the enrollment process and re-register the phone using MyPingtel Sign-In, gaining remote access and allowing unauthorized acti...

4.6CVSS6.6AI score0.00345EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.47 views

CVE-2002-1934

CVE-2002-1934 affects Pingtel xpressa SIP-based VoIP phones version 1.2.5 through 2.0.1. The vulnerability leaks sensitive information during boot-up, allowing an attacker to obtain the MD5 hashes of the Admin password, the physical password, and other registration data. The available connected s...

5CVSS6.3AI score0.01189EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.46 views

CVE-2004-1680

The CVE-2004-1680 issue affects the Pingtel Xpressa handset (firmware 2.1.11.24) where application.cgi can be abused by remote authenticated users via a long HTTP GET request, potentially triggering a buffer overflow and causing a VxWorks OS crash (DoS). Connected sources confirm the vulnerabilit...

5CVSS7AI score0.01875EPSS
CVE
CVE
added 2002/07/15 4:0 a.m.45 views

CVE-2002-0667

CVE-2002-0667 concerns Pingtel xpressa SIP phones (model PX-1) running software 1.2.5–1.2.7.4. The issue arises from a default administrator password set to null (admin user), enabling remote and local administrative access, manipulation of SIP signaling, and potential takeover of the device. Con...

10CVSS6.9AI score0.02615EPSS
CVE
CVE
added 2003/02/11 5:0 a.m.43 views

CVE-2002-0669

The CVE-2002-0669 issue affects Pingtel xpressa SIP-based phones (versions 1.2.5–1.2.7.4). By changing SIP_AUTHENTICATE_SCHEME, an attacker can force authentication of incoming calls, causing a denial of service where neither caller nor callee is informed of the failure. The vulnerability stems f...

5CVSS6.7AI score0.01126EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.43 views

CVE-2002-0674

The CVE-2002-0674 entry concerns Pingtel xpressa SIP phones (software versions 1.2.5–1.2.7.4) that do not time out an inactive administrator session, potentially allowing another user to perform administrator actions if the original admin session isn’t explicitly ended. This mirrors the @stake ad...

7.2CVSS6.5AI score0.00378EPSS
CVE
CVE
added 2002/07/15 4:0 a.m.37 views

CVE-2002-0675

The CVE affects Pingtel xpressa SIP phones (model PX-1) with software versions 1.2.5–1.2.7.4. The root cause is that firmware upgrades can be performed without administrative privileges, enabling an unauthorized user to upgrade the phone. The accompanying @stake advisory details multiple vulnerab...

4.6CVSS6.6AI score0.00351EPSS