VULHUB ™

Pingtel Xpressa IP phones may potentially leak sensitive information across the network. When the phone is booted, registration information is sent via the HTTP protocol to Pingtel's MyPingtel Portal. This information includes the administrative name, hashed credentials, and a number of other sensitive details about the phone. An attacker with the ability to intercept traffic between the phone and the MyPingtel Portal can gain access to this sensitive information. The information leaked in this manner is sufficient for an attacker to fully compromise the device.

Pingtel Xpressa IP phones may potentially leak sensitive information across the network. When the phone is booted, registration information is sent via the HTTP protocol to Pingtel's MyPingtel Portal. This information includes the administrative name, hashed credentials, and a number of other sensitive details about the phone. An attacker with the ability to intercept traffic between the phone and the MyPingtel Portal can gain access to this sensitive information. The information leaked in this manner is sufficient for an attacker to fully compromise the device.