Vulnerabilities > CVE-2007-0528 - Unspecified vulnerability in Centrality Communications Pa168 Chipset
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN centrality-communications
exploit available
Summary
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 1 |
Exploit-Db
description | PA168 Chipset IP Phones Weak Session Management Exploit. CVE-2007-0528. Remote exploit for hardware platform |
file | exploits/hardware/remote/3189.sh |
id | EDB-ID:3189 |
last seen | 2016-01-31 |
modified | 2007-01-24 |
platform | hardware |
port | |
published | 2007-01-24 |
reporter | Adrian "pagvac" Pastor |
source | https://www.exploit-db.com/download/3189/ |
title | PA168 Chipset IP Phones Weak Session Management Exploit |
type | remote |
References
- http://osvdb.org/32966
- http://osvdb.org/32966
- http://secunia.com/advisories/23919
- http://secunia.com/advisories/23919
- http://secunia.com/advisories/23936
- http://secunia.com/advisories/23936
- http://www.procheckup.com/Vulner_PR0614.php
- http://www.procheckup.com/Vulner_PR0614.php
- http://www.securityfocus.com/archive/1/457868/100/0/threaded
- http://www.securityfocus.com/archive/1/457868/100/0/threaded
- http://www.vupen.com/english/advisories/2007/0346
- http://www.vupen.com/english/advisories/2007/0346
- https://www.exploit-db.com/exploits/3189
- https://www.exploit-db.com/exploits/3189