HIGH✓ PATCH🇬🇧 English

CVE-2002-0670

CVSS 7.5v2.0pub. 2002-07-23upd. 2026-04-16

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Pingtel Xpressa

    HW
    Pingtel
    1.2.51.2.7.4
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2002-0671CRITICAL9.8ten sam produkt

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web si...

CVE-2002-0667HIGH10.0ten sam produkt

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password,...

CVE-2002-0674HIGH7.2ten sam produkt

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administra...

CVE-2002-0668HIGH7.5ten sam produkt

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated...

CVE-2004-1680MEDIUM5.0ten sam produkt

application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to...

CVE-2002-0670 — HIGH 7.5 | CVEbaza.pl