Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.
References
Link | Resource |
---|---|
http://tiptel.com | Product |
https://www.bdosecurity.de/en-gb/advisories/cve-2024-33109 | Third Party Advisory |
Configurations
History
25 Sep 2024, 14:47
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:o:ergophone:tiptel_ip_286_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ergophone:tiptel_ip_286:-:*:*:*:*:*:*:* cpe:2.3:o:yealink:sip-t28p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:yealink:sip-t28p:-:*:*:*:*:*:*:* |
|
First Time |
Ergophone
Ergophone tiptel Ip 286 Firmware Ergophone tiptel Ip 286 Yealink sip-t28p Firmware Yealink sip-t28p Yealink |
|
References | () http://tiptel.com - Product | |
References | () https://www.bdosecurity.de/en-gb/advisories/cve-2024-33109 - Third Party Advisory |
20 Sep 2024, 13:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 |
20 Sep 2024, 12:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
19 Sep 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-19 19:15
Updated : 2024-09-25 14:47
NVD link : CVE-2024-33109
Mitre link : CVE-2024-33109
CVE.ORG link : CVE-2024-33109
JSON object : View
Products Affected
yealink
- sip-t28p_firmware
- sip-t28p
ergophone
- tiptel_ip_286_firmware
- tiptel_ip_286
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')