MEDIUM🇵🇱 Wersja polska

CVE-2004-1680

CVSS 5.0v2.0pub. 2004-09-13upd. 2026-04-16

application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.

CVSS Vector
AV:N/AC:L/Au:N/C:N/I:N/A:P
  • Pingtel Xpressa

    HW
    Pingtel
    1.2.51.2.7.41.2.82.02.0.12.1.11.24
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoSMemory
CWE
References

Related vulnerabilities

CVE-2002-0671CRITICAL9.8ten sam produkt

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web si...

CVE-2002-0667HIGH10.0ten sam produkt

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password,...

CVE-2002-0670HIGH7.5ten sam produkt

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded ...

CVE-2002-0668HIGH7.5ten sam produkt

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated...

CVE-2002-0674HIGH7.2ten sam produkt

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administra...