Vulnerability Details CVE-2004-1680
application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/12523
- http://www.atstake.com/research/advisories/2004/a091304-2.txt
- http://www.securityfocus.com/bid/11161
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17346
- http://secunia.com/advisories/12523
- http://www.atstake.com/research/advisories/2004/a091304-2.txt
- http://www.securityfocus.com/bid/11161
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17346
Products affected by CVE-2004-1680
-
cpe:2.3:h:pingtel:xpressa:1.2.5
-
cpe:2.3:h:pingtel:xpressa:1.2.7.4
-
cpe:2.3:h:pingtel:xpressa:1.2.8
-
cpe:2.3:h:pingtel:xpressa:2.0
-
cpe:2.3:h:pingtel:xpressa:2.0.1
-
cpe:2.3:h:pingtel:xpressa:2.1.11.24