CVE-2002-0671

CRITICAL

Pingtel Xpressa Firmware - Download Without Integrity Check

Title source: rule

Description

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but cannot verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.

Scores

CVSS v3 9.8
EPSS 0.0051
EPSS Percentile 66.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-494
Status published
Products (2)
pingtel/xpressa_firmware 1.2.5
pingtel/xpressa_firmware 1.2.7.4
Published Jul 23, 2002
Tracked Since Feb 18, 2026