 |
 | Vonage Forum Menu |
| | |
| Vonage Forums |
|
|
| | | |
| Vonage In The News |
| | |
| Vonage Customer Reviews |
| | |
| |
Vonage http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html
====================
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html
===============================================================
VENDOR:
UTStarcom
VENDOR NOTIFIED:
27 June, 2005 via sales at utstarcom.com
VENDOR RESPONSE:
None
PRODUCT:
UTStarcom F1000 Voip WIFI Phone
http://www.utstar.com/Solutions/Handsets/WiFi/
SOFTWARE VERSION:
s2.0
VxWorks (for Hornet VoWifi, ARM946ES (LE)
Factory Firmware) version 5.5.1.
Kernel: WIND version 2.6.
Made on Apr 5 2005, 14:49:39.
A. VULNERABILITY TITLE:
UTStarcom F1000 Voip Wifi phone SNMP daemon has default public read
credentials and the daemon cannot be disabled
VULNERABILITY DETAILS, IMPACT AND WORKAROUND:
UTstarcom F1000 SNMP daemon default public credentials allows an
attacker with access to the phone's SNMP daemon to read the phone's
SNMP configuration. This can lead to sensitive information disclosure.
In addition, the daemon's read/write credentials cannot be changed,
nor can the daemon be disabled via the phone's physical interface
(i.e. via keypad input). During testing, the SNMP daemon appeared
consistently die when connecting via Snmpwalk, requiring rebooting the
phone in order to restore SNMP service.
B. VULNERABILITY TITLE:
UTstarcom F1000 Voip Wifi Phone telnet server has known default
user/password credentials
VULNERABILITY DETAILS, IMPACT AND WORKAROUND:
The phone's operating system is Wind River's Vxworks. Default
credentials for this OS are publically known to be target/password.
By default, the telnet deamon is listening on the phone (TCP port 23)
providing WIFI network access to the phone's OS. Attackers can telnet
to the phone and gain access to the phone's Vxworks OS using the known
default credentials.
Impact is full access to the Vxworks OS, including debugging, direct
memory dumping/injection, read/write device, user and network
configuration files, enable/disable/restart services, remote reboot.
For a workaround, the default login/password can be changed.
C. VULNERABILITY TITLE:
UTstarcom F1000 Voip Wifi Phone rlogin (TCP/513) unauthenticated access
VULNERABILITY DETAILS, IMPACT AND WORKAROUND:
The phone's rlogin port TCP/513 is listening by default and requires
no authentication. An attacker connecting to the phone via
telnet/netcat is dropped into a shell without any login. The shell
provides an attacker full access to the Vxworks OS, including
debugging, direct memory dumping/injection, read/write device, user
and network configuration files, enable/disable/restart services,
remote reboot.
There appears to be no workaround as neither the service can be
disabled, nor can authentication to rlogin be enabled.
Read The Full Thread: So I assume that the F1000 security issues are now resolved?
• Have a look at the complete link:
http://secunia.com/advisories/17629/
It
shawnmer posted "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html
====================" on 12/13/2005 |
|
|
| |
| Vonage Service Plans |
| | |
| Vonage VoIP Members |
| | |
| Vonage Stock Price |
|
Value: 1.70
Change:  -0.03
Up to 15 Minute Delay | | | |
| Site Search |
| | |
|
|
Vonage VoIP Phone Service is redefining communications by offering consumers
& small business VoIP Internet phones, an affordable alternative to traditional phone service.
The Vonage VoIP Forum Generated This Page In: 0.32 Seconds and 236 Pages In The Last 60 Seconds
The Vonage VoIP Forum
|
Members
New 
New Today 3
Yesterday 3
Total 64297
Who Is On Site
Visitors 135
Members 0
Total 135