CVE Catalog

CVE-2024-33109

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.85%

54th percentile - higher than 54% of all known CVEs

Summary

A Directory Traversal vulnerability in the web interface of the Tiptel IP 286 phone with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the device via the Ringtone upload function.

Risk Assessment

An attacker can overwrite critical system files, potentially leading to device compromise, denial of service, or further network attacks.

Recommendation

Immediately update the Tiptel IP 286 firmware to the latest version that fixes this vulnerability, and restrict web interface access to trusted networks only.

Original NVD description (English source)

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS