Tiptel · Tiptel Ip 286 · CVE-2024-33109
**Name of the Vulnerable Software and Affected Versions**
Tiptel IP 286 version 2.61.13.10
**Description**
The issue allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function in the web interface. This is due to a Directory Traversal vulnerability.
**Recommendations**
For Tiptel IP 286 version 2.61.13.10, as a temporary workaround, consider disabling the Ringtone upload function until a patch is available. Restrict access to the web interface to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.