CVE-2022-26143

KEV EPSS 89.15% · P100 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-26143

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Mitel Networks MiCollab和Mitel Networks MiVoice Business Express 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Mitel Networks MiCollab和Mitel Networks MiVoice Business Express都是加拿大Mitel Networks公司的产品。Mitel Networks MiCollab是一款为员工提供语音、视频、消息、音频会议和团队协作的移动应用程序。Mitel Networks MiVoice Business Express是一套实时通信解决方案。 Mitel MiCollab 9.4 SP1 FP1 之前版本和 MiVoice Business Express

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2022-26143

#	POC Description	Source Link	Shenlong Link
1	Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 contain a vulnerability in the TP-240 component caused by improper handling, letting remote attackers obtain sensitive information and cause denial of service, exploit requires remote access.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2022-26143.yaml	POC Details
2	Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 contain a vulnerability in the TP-240 component caused by improper handling, letting remote attackers obtain sensitive information and cause denial of service, exploit requires remote access.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-26143.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-26143

请登录查看更多情报信息。

https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/x_refsource_MISC
https://news.ycombinator.com/item?id=30614073x_refsource_MISC
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001x_refsource_MISC
https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/x_refsource_MISC
https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/x_refsource_MISC
https://www.akamai.com/blog/security/phone-home-ddos-attack-vectorx_refsource_MISC
https://blog.cloudflare.com/cve-2022-26143/x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2022-26143

Same Patch Batch · n/a · 2022-03-09 · 50 CVEs total

CVE-2022-24960	6.5 MEDIUM	Use after free vulnerability in PDFTron SDK
CVE-2022-26778	5.3 MEDIUM	Veritas System Recovery安全漏洞
CVE-2022-0204		BlueZ 输入验证错误漏洞
CVE-2022-25552		Tenda AX1806 缓冲区错误漏洞
CVE-2021-44631		TP-Link WR886N 安全漏洞
CVE-2021-44627		TP-LINK WR-886N 安全漏洞
CVE-2021-44629		TP-LINK WR-886N 安全漏洞
CVE-2021-44628		TP-Link WR886N 安全漏洞
CVE-2021-44630		TP-Link WR886N 安全漏洞
CVE-2022-25566		Tenda AX1806 缓冲区错误漏洞
CVE-2022-25561		Tenda AX12 缓冲区错误漏洞
CVE-2022-25560		Tenda AX12 缓冲区错误漏洞
CVE-2022-25558		Tenda AX1806 缓冲区错误漏洞
CVE-2022-25557		Tenda AX1806 缓冲区错误漏洞
CVE-2022-25556		Tenda AX12 缓冲区错误漏洞
CVE-2022-25555		Tenda AX1806 缓冲区错误漏洞
CVE-2022-25547		Tenda AX1806 缓冲区错误漏洞
CVE-2022-25554		Tenda AX1806 缓冲区错误漏洞
CVE-2022-25553		Tenda AX1806 缓冲区错误漏洞
CVE-2021-44632		TP-Link WR886N 安全漏洞

Showing top 20 of 50 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2022-26143

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-26143

I. Basic Information for CVE-2022-26143

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2022-26143

III. Intelligence Information for CVE-2022-26143

Same Patch Batch · n/a · 2022-03-09 · 50 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-26143

Leave a comment