Is CVE-2024-33109 actively exploited?

CVE-2024-33109 has no public evidence of in-the-wild exploitation as of 2024-09-25.

What is the CVSS score for CVE-2024-33109?

CVE-2024-33109 has a CVSS score of 9.9 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L.

How do I patch CVE-2024-33109?

Patch guidance is available from ergophone security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-33109.

Fix CVE-2024-33109 - CRITICAL

Q: Which products are affected by CVE-2024-33109?

2 products: ergophone tiptel ip 286 firmware, yealink sip-t28p firmware.

Description

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: low
Weaknesses: CWE-22 · Path Traversal CWE-22 · Path Traversal

Metadata

Primary Vendor: ERGOPHONE
Published: 9/19/2024
Last Modified: 9/25/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

ergophone : tiptel_ip_286_firmwareyealink : sip-t28p_firmware

Remediation Guidance

Executive Summary

View on NIST NVD