Xpressa@1.2.5 Security Vulnerabilities and Issues — Xpressa@1.2.5 CVE List

Lucene search

PingtelXpressa1.2.5

11 matches found

CVE•added 2005/06/28 4:0 a.m.•47 views

CVE-2002-1935

Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar.

5CVSS7AI score0.00392EPSS

CVE•added 2002/07/23 4:0 a.m.•43 views

CVE-2002-0670

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.

7.5CVSS6.8AI score0.00871EPSS

CVE•added 2004/09/01 4:0 a.m.•41 views

CVE-2002-0668

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.

7.5CVSS6.4AI score0.0049EPSS

CVE•added 2004/09/01 4:0 a.m.•39 views

CVE-2002-0672

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null.

4.6CVSS6.6AI score0.00091EPSS

CVE•added 2005/06/28 4:0 a.m.•35 views

CVE-2002-1934

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.

5CVSS6.3AI score0.00408EPSS

CVE•added 2002/07/23 4:0 a.m.•34 views

CVE-2002-0667

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.

10CVSS6.9AI score0.01193EPSS

CVE•added 2004/09/01 4:0 a.m.•34 views

CVE-2002-0673

The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions.

4.6CVSS6.6AI score0.00074EPSS

CVE•added 2005/02/20 5:0 a.m.•34 views

CVE-2004-1680

application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.

5CVSS7AI score0.00998EPSS

CVE•added 2003/02/19 5:0 a.m.•33 views

CVE-2002-0669

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs...

5CVSS6.7AI score0.00417EPSS

CVE•added 2004/09/01 4:0 a.m.•33 views

CVE-2002-0674

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.

7.2CVSS6.5AI score0.00067EPSS

CVE•added 2002/07/23 4:0 a.m.•27 views

CVE-2002-0675

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.

4.6CVSS6.6AI score0.00077EPSS