Computer Security


Multiple IP Phones unauthorized access
Published: 24.01.2007
Source:
SecurityVulns ID: 7095
Type: remote
Threat Level: 5/10
Description: After an administrator has logged in, the administration interface can be accessed from any IP address without password validation.
Affected: ATCOM : ATCOM AT-320ED
 ATCOM : ATCOM AT-323
 IPLINK : JR168_100B
 IPLINK : JR168_100W
 IPLINK : JR168_200
 NETWEBGROUP : Netweb 401
 NETWEBGROUP : Netweb 402
 WUCHAN : Wuchuan HOP-1001
 WUCHAN : Wuchuan HOP-1002
 WUCHAN : Wuchuan HOP-1003
 GIPTEL : Giptel G100
 SIPTRONIC : Siptronic ST-100
 SIPTRONIC : Siptronic ST-150
 MERITLINE : KE1020 Netphone
 MERITLINE : Meritline ML210
 INTEGRATEDNETWOR : Integrated Networks IN-1002
 ARTDIO : ArtDio IPF-2000
 ARTDIO : ArtDio IPF-2002L
 PERFECTONE : Perfectone IP300
CVE: CVE-2007-0528 (The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).)
Original document: ProCheckUp Research, PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability (24.01.2007)
Files: Multiple IP phones remote administrator login check

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod