彙總 pingtel 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 緩衝區溢位與拒絕服務,在 軟體部署與生產負載 使用場景中可能帶來 應用程式崩潰 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2004-1680 | application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow. | [email protected] | 5.0 | 1.88% | 2004-09-13 | 2026-04-16 |
| CVE-2002-0669 | The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs. | [email protected] | 5.0 | 1.13% | 2003-02-19 | 2026-04-16 |
| CVE-2002-1935 | Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar. | [email protected] | 5.0 | 1.35% | 2002-12-31 | 2026-04-16 |
| CVE-2002-1934 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information. | [email protected] | 5.0 | 1.19% | 2002-12-31 | 2026-04-16 |
| CVE-2002-0675 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone. | [email protected] | 4.6 | 0.35% | 2002-07-23 | 2026-04-16 |
| CVE-2002-0674 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication. | [email protected] | 7.2 | 0.38% | 2002-07-23 | 2026-04-16 |
| CVE-2002-0673 | The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions. | [email protected] | 4.6 | 0.34% | 2002-07-23 | 2026-04-16 |
| CVE-2002-0672 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null. | [email protected] | 4.6 | 0.35% | 2002-07-23 | 2026-04-16 |
| CVE-2002-0671 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing. | [email protected] | 9.8 | 1.15% | 2002-07-23 | 2026-04-16 |
| CVE-2002-0670 | The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing. | [email protected] | 7.5 | 1.64% | 2002-07-23 | 2026-04-16 |
| CVE-2002-0668 | The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls. | [email protected] | 7.5 | 1.33% | 2002-07-23 | 2026-04-16 |
| CVE-2002-0667 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone. | [email protected] | 10.0 | 2.61% | 2002-07-23 | 2026-04-16 |