Vonage VoIP Telephone Adapter Default Misconfiguration

2007-06-06 / 2007-06-07
Risk: Medium
Local: Yes
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Vonage VoIP Telephone Adapter Default Misconfiguration The Vonage VoIP Telephone Adapter device is, by default, accessible from the WLAN/internet. The product ships with the default username of 'user' and default password of 'user' to access the administrative backend. Users are suggested to update their passwords immediately. An attacker could cause a denial-of-service by uploading broken firmware to the device, or by constantly rebooting the device. John Martinelli john (at) martinelli (dot) com [email concealed] http://RedLevel.org RedLevel.org Security


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top