CVE-2002-0671

CRITICAL

Pingtel xpressa_firmware 1.2.5-1.2.7.4 - Unauthenticated Trojan Horse Application Installation via DNS Spoofing

Title source: llm
STIX 2.1

Description

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.

References (4)

Core 4
Core References
Broken Link, Vendor Advisory x_refsource_confirm
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Broken Link vendor-advisory x_refsource_atstake
http://www.atstake.com/research/advisories/2002/a071202-1.txt
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5224
Broken Link vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9566.php

Scores

CVSS v3 9.8
EPSS 0.0115
EPSS Percentile 62.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-494
Status published
Products (2)
pingtel/xpressa_firmware 1.2.5
pingtel/xpressa_firmware 1.2.7.4
Published Jul 23, 2002
Tracked Since Feb 18, 2026