WVE ID: WVE-2006-0015
Type: Vulnerability
Status: Candidate
Classification: Misconfiguration
Description:
The UTStarcom F1000 802.11 VOIP phone allows telnet connections using a default login and password.
Discussion:
The UTStarcom F1000 802.11 VOIP phone provides remote access to itself via a telnet daemon. Accessing the device in this way does require a login and password. However, VxWorks, the operating system that the phone uses, has a well-known default account (login: target, password: password) that can be used to obtain access to the device.
Once an attacker has connected to the device through the telnet daemon, they have full access to the phone. This may give them the ability to read or write to memory locations, modify the phone's configuration, and reboot the phone.
This issue can be mitigated by changing the default login and password.
Credits
Author: Shawn Merdinger (shawnmer@gmail.com) : None
References
URL: http://osvdb.org/displayvuln.php?osvdb_id=20964
URL: http://www.securityfocus.com/bid/15476
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3717
URL: http://seclists.org/lists/fulldisclosure/2005/Nov/0544.html
URL: http://www.utstar.com/Solutions/Handsets/WiFi/
Released: 2005-11-16
Submitter: Andrew Lockhart (alockhart@networkchemistry.com) : Network Chemistry
Submitted: Fri Feb 03 10:43:25 -0800 2006
Candidate Date: Fri Feb 03 11:03:04 -0800 2006

