CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0675

MEDIUM
4.6
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile20.75th
PublishedJul 23, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.

Affected Platforms (CPE)

πŸ”Œ
Pingtel

Xpressa

= 1.2.5
πŸ”Œ
Pingtel

Xpressa

= 1.2.7.4

References & Advisories

πŸ”— http://www.atstake.com/research/advisories/2002/a071202-1.txt
πŸ”— http://www.iss.net/security_center/static/9570.php
πŸ”— http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
πŸ”— http://www.securityfocus.com/bid/5223
πŸ”— http://www.atstake.com/research/advisories/2002/a071202-1.txt
πŸ”— http://www.iss.net/security_center/static/9570.php
πŸ”— http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
πŸ”— http://www.securityfocus.com/bid/5223

Related Vulnerabilities

CVE-2002-066710.0

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow r...

CVE-2002-06719.8

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verif...

CVE-2002-06707.5

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwo...

CVE-2002-06687.5

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the...

CVE-2002-0675 Detail & Impact Analysis | CVSS 4.6 (MEDIUM) | Cyber-Sec.Space | Cyber-Sec.Space