Sign up
 Vonage  

       
 
Vonage Forum Menu

Vonage Forums
Vonage VoIP Forum
MichaelMub Posted:
PORN...
In The Forum:
Hard Wiring - Installation
Topic:
The best pron
On Dec 05, 2016 at 22:20:50

Wickyvum Posted:
blocking viagra
viagra emails
viagra without a
doctor
prescription
ed treatments
...

In The Forum:
Hard Wiring - Installation
Topic:
Set-up tight-fisted generics no medicine
On Dec 05, 2016 at 17:40:46

tplink Posted:
Im trying to add
my HT802 vonage
adapter to my home
network. I
currently have
...

In The Forum:
Hard Wiring - Installation
Topic:
Vonage behind switch
On Dec 05, 2016 at 06:35:11

MichaelMub Posted:
PORN...
In The Forum:
Vonage
Topic:
The best pron
On Dec 04, 2016 at 10:22:56

Dwightkaw Posted:
kredyt bez
zaświadcze
24; kredyt bez
zaświadcze
24; o dochodach
...

In The Forum:
Vonage
Topic:
kredyt bez zaświadczeń
On Dec 03, 2016 at 03:27:10

Kevingrarl Posted:
Су
95;ас&
#1085;иl
1;
пі
76;пр&
#1080;&
...

In The Forum:
Vonage
Topic:
Сучас&
On Dec 02, 2016 at 12:51:38

IsaawUnace Posted:
does cialis work
as well as cialis
add.cgi buy
cialis cialis
the team <a
...

In The Forum:
Vonage
Topic:
Condition good pill instead of ed
On Dec 01, 2016 at 11:11:59

MatrickVop Posted:
buy cialis today
columbus oh
generic cialis
buy cialis online
registered users
...

In The Forum:
Vonage
Topic:
Classify miserly pills no means
On Nov 28, 2016 at 10:42:47

dracossumo Posted:
Ко
84;па&
#1085;иn
3; Tritel
пр
77;до
...

In The Forum:
Vonage
Topic:
&#1048;&#1085;&#1090;&#1077;&#1088;&
On Nov 27, 2016 at 23:00:39

DWSupport Posted:
After recent
Vonage update that
took place on the
4th and 5th of
Nov. E-mails with
...

In The Forum:
Vonage
Topic:
Voicemail Not Forwarding to Outlook Accounts
On Nov 10, 2016 at 12:23:26


Vonage VoIP Forums

Vonage In The News
Vonage Holdings Corp. Reports Fourth Quarter and Full Year 2013 Results

Carolyn Katz Elected to Board of Directors of Vonage Holdings Corp.

Syndication

Vonage Customer Reviews
Vonage vs. Time Warner Cable SoCal
Vonage vs. Time Warner Cable SoCal



Vonage UK Review
Vonage UK Review



Vonage Pros and Cons for 2006
Vonage Pros and Cons for 2006



Vonage, a VT2142 and a RTP300, My Experiences - A Detailed Review
Vonage, a VT2142 and a RTP300, My Experiences - A Detailed Review



Salt Lake City: impressions after several months
Salt Lake City: impressions after several months




Vonage Reviews


Post new topic   Reply to topic  Vonage® VoIP Forum - Vonage News, Reviews And Discussion » Vonage Forum Archive
Author Message
shawnmer
New Forum Member
New Forum Member


Joined: Feb 25, 2005
Posts: 4

PostPosted: Tue Dec 13, 2005 6:50 pm    Post subject: So I assume that the F1000 security issues are now resolved? Reply with quote Back to top

http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html

===============================================================

VENDOR:
UTStarcom

VENDOR NOTIFIED:
27 June, 2005 via sales at utstarcom.com

VENDOR RESPONSE:
None

PRODUCT:
UTStarcom F1000 Voip WIFI Phone
http://www.utstar.com/Solutions/Handsets/WiFi/

SOFTWARE VERSION:
s2.0
VxWorks (for Hornet VoWifi, ARM946ES (LE)
Factory Firmware) version 5.5.1.
Kernel: WIND version 2.6.
Made on Apr 5 2005, 14:49:39.

A. VULNERABILITY TITLE:
UTStarcom F1000 Voip Wifi phone SNMP daemon has default public read
credentials and the daemon cannot be disabled

VULNERABILITY DETAILS, IMPACT AND WORKAROUND:
UTstarcom F1000 SNMP daemon default public credentials allows an
attacker with access to the phone's SNMP daemon to read the phone's
SNMP configuration. This can lead to sensitive information disclosure.
In addition, the daemon's read/write credentials cannot be changed,
nor can the daemon be disabled via the phone's physical interface
(i.e. via keypad input). During testing, the SNMP daemon appeared
consistently die when connecting via Snmpwalk, requiring rebooting the
phone in order to restore SNMP service.

B. VULNERABILITY TITLE:
UTstarcom F1000 Voip Wifi Phone telnet server has known default
user/password credentials

VULNERABILITY DETAILS, IMPACT AND WORKAROUND:
The phone's operating system is Wind River's Vxworks. Default
credentials for this OS are publically known to be target/password.

By default, the telnet deamon is listening on the phone (TCP port 23)
providing WIFI network access to the phone's OS. Attackers can telnet
to the phone and gain access to the phone's Vxworks OS using the known
default credentials.

Impact is full access to the Vxworks OS, including debugging, direct
memory dumping/injection, read/write device, user and network
configuration files, enable/disable/restart services, remote reboot.
For a workaround, the default login/password can be changed.

C. VULNERABILITY TITLE:
UTstarcom F1000 Voip Wifi Phone rlogin (TCP/513) unauthenticated access

VULNERABILITY DETAILS, IMPACT AND WORKAROUND:
The phone's rlogin port TCP/513 is listening by default and requires
no authentication. An attacker connecting to the phone via
telnet/netcat is dropped into a shell without any login. The shell
provides an attacker full access to the Vxworks OS, including
debugging, direct memory dumping/injection, read/write device, user
and network configuration files, enable/disable/restart services,
remote reboot.

There appears to be no workaround as neither the service can be
disabled, nor can authentication to rlogin be enabled.
View user's profile Send private message
howiewifi
Vonage Forum Evangelist
Vonage Forum Evangelist


Joined: Dec 13, 2005
Posts: 330

PostPosted: Tue Dec 13, 2005 9:53 pm    Post subject: Reply with quote Back to top

Have a look at the complete link:

http://secunia.com/advisories/17629/

It seems to be fixed.
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


All times are GMT - 5 Hours

Vonage Service Plans


Vonage VoIP Members
Members List Members
New anthonybc3
New Today 2
Yesterday 7
Total 99018

Who Is On Site
Visitors 80
Members 0
Total 80


Vonage VoIP Forum Members:
Login Here
Not a Member? You can Register Here
As a registered member you will have access to the VoIP Speed Test, Vonage Service Announcements and post comments in the
Vonage VoIP Forums

Vonage Stock Price
Value: 6.90
Change:   N/A
Up to 15 Minute Delay

Site Search
 






†AK and HI residents pay $29.95 shipping. ††Limited time offer. Valid for residents of the United States (&DC), 18 years or older, who open new accounts. Offer good while supplies last and only on new account activations. One kit per account/household. Offer cannot be combined with any other discounts, promotions or plans and is not applicable to past purchases. Good while supplies last. Allow up to 2 weeks for shipping. Other restrictions may apply.

1Unlimited calling and other services for all residential plans are based on normal residential, personal, non-commercial use. A combination of factors is used to determine abnormal use, including but not limited to: the number of unique numbers called, calls forwarded, minutes used and other factors. Subject to our Reasonable Use Policy and Terms of Service.

2Shipping and activation fees waived with 1-year agreement. An Early Termination Fee (with periodic pro-rated reductions) applies if service is terminated before the end of the first 12 months. Additional restrictions may apply. See Terms of Service for details.

HIGH SPEED INTERNET REQUIRED. †VALID FOR NEW LINES ONLY. RATES EXCLUDE INTERNET SERVICE, SURCHARGES, FEES AND TAXES. DEVICE MAY BE REFURBISHED. If you subscribe to plans with monthly minutes allotments, all call minutes placed from both from your home and registered ExtensionsTM phones will count toward your monthly minutes allotment. ExtensionsTM calls made from mobiles use airtime and may incur surcharges, depending on your mobile plan. Alarms, TTY and other systems may not be compatible. Vonage 911 service operates differently than traditional 911. See www.vonage.com/911 for details.

** Certain call types excluded.

www.vonage-forum.com is not an official Vonage support website & is independently operated.
All logos and trademarks are property of their respective owners. All comments are property of their posters.
All other www.vonage-forum.com content is © Copyright 2002 - 2013 by 4Sight Media LLC.

Thinking of signing up for Vonage but have questions?
Business and Residential customers can call Toll Free 24 hours a day at: 1-888-692-8074
No Vonage Promotion Code or Coupon Codes are required at www.vonage.com to receive any special,
best Vonage cheap deals, free sign up offers or discounts.

[ | | | | | ]

Vonage Forum Site Maps

Vonage | VoIP Forum | How VoIP Works | Wiring and Installation Page Two | International Rate Plans 2 | Internet Phone
Promotion | Vonage Review | VoIP | Broadband Phone | Free Month | Rebate | Vonnage | Vontage | VoIP | Phone Service
Phone | llamadas ilimitadas a Mexico | Latest News | VoIP Acronyms | Deal | Philippines Globe Phone | Site Maps

The Vonage Forum provides the Vonage sign up Best Offer Promotion Deal.
If you are considering signing up for Vonage and have found our Vonage News, Customer Reviews, Forums
& all other parts of this site useful, please use our Vonage Sign up page.


Vonage VoIP Phone Service is redefining communications by offering consumers
& small business VoIP Internet phones, an affordable alternative to traditional phone service.
The Vonage VoIP Forum Generated This Page In: 0.74 Seconds and 381 Pages In The Last 60 Seconds
The Vonage VoIP Forum