Vulnerabilities > CVE-2005-3718 - Remote Access vulnerability in Utstarcom F1000 Voip Wifi Phone 2.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

utstarcom

NVD

Published: 2005-11-21

Updated: 2011-03-08

Summary

UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513, which allows remote attackers to exploit other vulnerabilities such as CVE-2005-3716, or execute arbitrary shell commands via rlogin, which does not require authentication.

Vulnerable Configurations

Part	Description	Count
Hardware	Utstarcom Utstarcom F1000 Voip Wifi Phone 2.0	1

References

http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html
http://secunia.com/advisories/17629
http://www.securityfocus.com/bid/15476
http://www.vupen.com/english/advisories/2005/2472