Vulnerability CVE-2007-0528


Published: 2007-01-25   Modified: 2012-02-12

Description:
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Centrality Communications -> PA168 chipset

References:
http://www.procheckup.com/Vulner_PR0614.php
http://www.securityfocus.com/archive/1/457868/100/0/threaded
http://www.vupen.com/english/advisories/2007/0346
https://www.exploit-db.com/exploits/3189

Copyright 2024, cxsecurity.com