| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <fb0927a80601161411q33573464o27664886892fae38@mail.gmail.com> Date: Mon Jan 16 23:12:47 2006 From: shawnmer at gmail.com (Shawn Merdinger) Subject: ACT P202S VoIP wireless phone multiple undocumented ports/services I disclosed the following issues at ShmooCon 2006 <http://www.shmoocon.org/> during my "VoIP Wireless Phone Security Analysis" presentation. Thanks, --scm =============================================================== DATE: 16 January, 2006 VENDOR: ACT ? Advantage Century Telecommunication Corporation VENDOR NOTIFIED: 19 October, 2005 PRODUCT: ACT P202S VoIP wireless phone http://www.act-tel.com.tw/_pg/products/productItem.asp?productKey=54 Firmware Version: 1.1.21on VxWorks VULNERABILITY TITLE: ACT P202S VoIP wireless phone multiple undocumented ports/services DETAILS, IMPACT AND WORKAROUND: The ACT P202S VoIP 802.11b wireless phone, version 1.01.21 on VxWorks has three undocumented ports and extraneous services that can be exploited by attackers. 1. Undocumented port, UDP/17185 VxWorks WDB remote debugging (wdbrpc) 2. Undocumented port, TCP/7 echo 3. Undocumented port, TCP/513 rlogin 4. Hardcoded NTP server 1. Undocumented port, UDP/17185 may allows direct access to phone memory and OS internals. 2. Undocumented port, TCP/7 may allow attacker to reflect sent network data using the echo service, potential causing impact to phone operation or utilized in DoS of other network devices. 3. Undocumented port, TCP/513 allows an attacker rlogin access with no credentials. 4. The phone configuration has a hardcoded Taiwan NTP server CONTACT INFORMATION: Shawn Merdinger shawnmer@...il.com
Powered by blists - more mailing lists