Description
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.
Vulnerable configurations
Configuration 1
All of
One of
cpe:2.3:o:pingtel:xpressa_firmware:1.2.5:*:*:*:*:*:*:*
cpe:2.3:o:pingtel:xpressa_firmware:1.2.7.4:*:*:*:*:*:*:*
cpe:2.3:h:pingtel:xpressa:-:*:*:*:*:*:*:*
EPSS
Percentile: 66%
0.00512
Low
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-494
Related vulnerabilities
CVSS3: 9.8
github
almost 4 years ago
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.