Pingtel: >> Xpressa Security Vulnerabilities
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.
CVSS Score
7.2
EPSS Score
0.001
Published
2002-07-23
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.
CVSS Score
4.6
EPSS Score
0.002
Published
2002-07-23
Page 2