Pingtel Expressa Arbitrary Firmware Upgrade Vulnerability

Expressa is the Java-Based Voice-Over-IP phone developed and distributed by Pingtel.

It has been discovered that users may be able to arbitrarily upgrade phone firmware. Expressa phones allow users to upgrade firmware without first authenticating as an administrator.


 

Privacy Statement
Copyright 2010, SecurityFocus