11 matches found
CVE-2002-1935
Pingtel Xpressa versions 1.2.5 through 2.0.1 are affected by CVE-2002-1935 due to predictable Call-ID, CSeq, and To/From SIP URL values in SIP requests, which can let remote attackers avoid registering with the SIP registrar. The root cause is the lack of randomness in SIP identifiers, enabling a...
CVE-2002-0670
The CVE-2002-0670 issue affects Pingtel xpressa SIP phones (software versions 1.2.5–1.2.7.4). The web interface uses HTTP Basic authentication with Base64-encoded credentials, allowing remote attackers to sniff and decode usernames/passwords in transit. Documents confirm the risk is tied to unenc...
CVE-2002-0668
The CVE-2002-0668 issue affects Pingtel xpressa SIP phones (software versions 1.2.5–1.2.7.4). A web interface vulnerability allows an authenticated user to modify Call Forwarding settings, hijacking calls by redirecting them to another SIP URL or number. The root cause is exposure of administrati...
CVE-2002-0672
The CVE-2002-0672 entry concerns Pingtel xpressa SIP phones (versions 1.2.5–1.2.7.4) where the administrator password is null due to a factory reset without authentication via the GUI. The linked advisory and CVE records detail multiple issues affecting PX-1 devices, including local/remote admini...
CVE-2002-0673
CVE-2002-0673 concerns Pingtel xpressa SIP phones (PX-1, software 1.2.5–1.2.7.4). The vulnerability enables attackers with physical access to log out the current user via the enrollment process and re-register the phone using MyPingtel Sign-In, gaining remote access and allowing unauthorized acti...
CVE-2002-1934
CVE-2002-1934 affects Pingtel xpressa SIP-based VoIP phones version 1.2.5 through 2.0.1. The vulnerability leaks sensitive information during boot-up, allowing an attacker to obtain the MD5 hashes of the Admin password, the physical password, and other registration data. The available connected s...
CVE-2004-1680
The CVE-2004-1680 issue affects the Pingtel Xpressa handset (firmware 2.1.11.24) where application.cgi can be abused by remote authenticated users via a long HTTP GET request, potentially triggering a buffer overflow and causing a VxWorks OS crash (DoS). Connected sources confirm the vulnerabilit...
CVE-2002-0667
CVE-2002-0667 concerns Pingtel xpressa SIP phones (model PX-1) running software 1.2.5–1.2.7.4. The issue arises from a default administrator password set to null (admin user), enabling remote and local administrative access, manipulation of SIP signaling, and potential takeover of the device. Con...
CVE-2002-0669
The CVE-2002-0669 issue affects Pingtel xpressa SIP-based phones (versions 1.2.5–1.2.7.4). By changing SIP_AUTHENTICATE_SCHEME, an attacker can force authentication of incoming calls, causing a denial of service where neither caller nor callee is informed of the failure. The vulnerability stems f...
CVE-2002-0674
The CVE-2002-0674 entry concerns Pingtel xpressa SIP phones (software versions 1.2.5–1.2.7.4) that do not time out an inactive administrator session, potentially allowing another user to perform administrator actions if the original admin session isn’t explicitly ended. This mirrors the @stake ad...
CVE-2002-0675
The CVE affects Pingtel xpressa SIP phones (model PX-1) with software versions 1.2.5–1.2.7.4. The root cause is that firmware upgrades can be performed without administrative privileges, enabling an unauthorized user to upgrade the phone. The accompanying @stake advisory details multiple vulnerab...