CVE-2007-0528 - Information Disclosure vulnerability in Pa168 Chipset
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | SINGLE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | | 1 |
Exploit-Db
description | PA168 Chipset IP Phones Weak Session Management Exploit. CVE-2007-0528. Remote exploit for hardware platform |
file | exploits/hardware/remote/3189.sh |
id | EDB-ID:3189 |
last seen | 2016-01-31 |
modified | 2007-01-24 |
platform | hardware |
port | |
published | 2007-01-24 |
reporter | Adrian "pagvac" Pastor |
source | https://www.exploit-db.com/download/3189/ |
title | PA168 Chipset IP Phones Weak Session Management Exploit |
type | remote |