CVE-2024-33109
CriticalCVSS 9.9Exploitation Probability (EPSS)
Elevated risk54th percentile - higher than 54% of all known CVEs
Summary
A Directory Traversal vulnerability in the web interface of the Tiptel IP 286 phone with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the device via the Ringtone upload function.
Risk Assessment
An attacker can overwrite critical system files, potentially leading to device compromise, denial of service, or further network attacks.
Recommendation
Immediately update the Tiptel IP 286 firmware to the latest version that fixes this vulnerability, and restrict web interface access to trusted networks only.
Original NVD description (English source)
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.

