Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11069
HistoryJan 17, 2006 - 12:00 a.m.

[Full-disclosure] Clipcomm CP-100E VoIP wireless desktop phone open debug service TCP/60023

2006-01-1700:00:00
vulners.com
7
JSON

I disclosed the following issue at ShmooCon 2006
<http://www.shmoocon.org/&gt; during my "VoIP Wireless Phone Security
Analysis" presentation.

Thanks,
–scm

===============================================================

VENDOR:
Clipcomm

VENDOR NOTIFIED:
7 December, 2005

PRODUCT:
Clipcomm CP-100E VoIP 802.11b Wireless Phone
http://www.clipcomm.co.kr/down/brochure/CP-100.100D.100P.100E.101.101B.pdf
Firmware Version: 1.1.60

VULNERABILITY TITLE:
Clipcomm CP-100E VoIP Wireless Phone open debug service TCP/60023

DETAILS, IMPACT AND WORKAROUND:
An undocumented port and debug service on TCP/60023 enables an
attacker to access without authentication the phone's
configuration/debug shell via telnet. The shell access provides the
attacker with two levels of access. The first level is the CLIP
account that allows general configuration. The second level is the USH
shell, accessed from within the CLIP shell, that allows an attacker to
enable call tracing and debugging, conduct a factory reset, write to
registers, dump memory, etc.

There appears to be no means to neither disable this access nor enable
authentication.

CONTACT INFORMATION:
Shawn Merdinger
[email protected]

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON