CVE-2024-33109 | Directory Traversal in the web interface of the Tiptel IP 28… | CVSS 9.9 CRITICAL

Description

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.

Metadata

CVE ID: CVE-2024-33109
State: PUBLISHED
Assigner: mitre
Reserved: 2024-04-23 00:00 UTC
Published: 2024-09-19 00:00 UTC
Last updated: 2024-09-20 13:10 UTC
Primary CWE: CWE-22
CWE-22 Improper Limitation of a Pathname to a Restricted Dir…
Vendor / Product: n/a / n/a
Sources: cve.org · NVD

Severity & Metrics

9.9 CRITICAL CVSS 3.1

CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:L/S:C/UI:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
n/a	n/a	—	n/a

Weakness (CWE)

CWE	Source	Description
—	cna	n/a
CWE-22	adp	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.9	CRITICAL	3.1	cna	CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:L/S:C/UI:N

References (2)