Múltiples vulnerabilitats en telèfons WiFi VoIP de diferents fabricants

Durant el passat CSI Computer Security Conference & Exhibition, Shawn Merdinger va presentar una sessió titulada VoIP WiFi Phone Handset Security Analysis on va fer públiques diverses vulnerabilitats en telèfons VoIP Wifi de múltiples fabricants, aquí teniu els models afectats i les vulnerabilitats publicades:

• Producte: Senao SI-680H VOIP WIFI Phone
  1. Vulnerabilitat: undocumented open port UDP/17185
• Producte:Zyxel P2000W Version 1 VOIP WIFI Phone
  1. Vulnerabilitat: undocumented port UDP/9090
  2. Vulnerabilitat: Phone uses hardcoded DNS servers
• Producte: UTStarcom F1000 VOIP WIFI Phone
  1. Vulnerabilitat: SNMP daemon has default public read credentials and the daemon cannot be disabled
  2. Vulnerabilitat: telnet server has known default user/password credentials (l:target / p:password)
  3. Vulnerabilitat: rlogin (TCP/513) unauthenticated access
• Producte: Hitachi IP5000 VOIP WIFI Phone
  1. Vulnerabilitat: handset hardcoded administrator password (0000)
  2. Vulnerabilitat: HTTP server vulnerabilities (Improper information disclosure & Web server default configuration does not require credentials to
     authenticate)
  3. Vulnerabilitat: SNMP daemon vulnerabilities
  4. Vulnerabilitat: undocumented port TCP/3390 Unidata Shell
• Producte: Cisco 7920 Wireless IP Phone
  1. Vulnerabilitat: Fixed SNMP Community Strings
  2. Vulnerabilitat: VxWorks Debugger Port (wdbrpc, 17185/udp)