HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2002-0674

CVSS 7.2v2.0pub. 2002-07-23upd. 2026-04-16

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.

CVSS Vector
AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Pingtel Xpressa

    HW
    Pingtel
    1.2.51.2.7.4
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2002-0671CRITICAL9.8ten sam produkt

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web si...

CVE-2002-0667HIGH10.0ten sam produkt

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password,...

CVE-2002-0670HIGH7.5ten sam produkt

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded ...

CVE-2002-0668HIGH7.5ten sam produkt

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated...

CVE-2004-1680MEDIUM5.0ten sam produkt

application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to...