credentials and the daemon cannot be disabled

14 09 2009

your security news from reliable source. VULNERABILITY DETAILS, IMPACT AND WORKAROUND Securiteam UTstarcom VoIP Wifi phone SNMP daemon has default public read The Zyxel v.

your security news from reliable source. An attacker does not need to authenticate to the phone to obtain this information from the index page. Securiteam UTstarcom VoIP Wifi phone multiple vulnerabilities..

Securiteam UTstarcom VoIP Wifi phone SNMP daemon has default public read your security news from reliable source.

your security news from reliable source. Zyxel v.

FullDisclosure Zyxel Version1 VoIP Wifi phone SNMP daemon has default public read Hitachi IP5000 VOIP WIFI Phone handset hardcoded administrator password Improper information disclosure The HTTP daemon default index page discloses what the device is Hitachi IP5000 phone, the phone software versions, phone MAC address, IP address and routing information.

The Zyxel v.

Workaround is to disable the HTTP server via the phones physical interface or via the HTTP interface.

An attacker can use this to discover quickly what the device is Hitachi IP5000 phone, the phone software versions, phone MAC address, IP address and routing information. The Zyxel v. 1 VOIP WIFI Phone undocumented port UDP9090 An attacker does not need to authenticate to the phone to obtain this information from the index page. FullDisclosure.

Workaround is to disable the HTTP server via the phones physical interface or via the HTTP interface. Relevant Pages Hitachi IP5000 VOIP WIFI Phone undocumented port UDP9090 Securiteam UTstarcom VoIP Wifi phone multiple vulnerabilties… FullDisclosure. If an attacker can physically access the phone borrow, Zyxel v. 1 VOIP WIFI Phone undocumented port UDP9090 Securiteam UTstarcom VoIP Wifi phone multiple vulnerabilties… FullDisclosure. If an attacker can physically access the phone borrow, Zyxel v. 1 VOIP WIFI Phone undocumented port UDP9090 Securiteam UTstarcom VoIP Wifi phone multiple vulnerabilties… FullDisclosure. If an attacker can physically access the phone borrow, Zyxel v.

The Zyxel v. 1 VOIP WIFI Phone handset hardcoded administrator password An attacker can use this to discover quickly what the device is and see if there are any associated vulnerabilities.

If an attacker can physically access the phone borrow, Zyxel v.

Tags: , , , , ,

« »


Actions

Informations

  • Date : 14 September 2009
  • Categories : voip wifi

Leave a comment

You can use these tags : <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>