First page Back Continue Last page Graphics
SS28S VxWorks Debug Console Hard-coded Credentials
Vulnerability
- VxWorks debug console open via Telnet
- VxWorks credentials hard-coded to user “1” and pass “1”
- As of firmware 01_02_07 (current as of 10/24/06)
Public Disclosure: 09/22/06
- http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/
- BID: 20154
Attack
- Telnet to the phone on port 23
- Authenticate with username “1”, password “1”
Effects
- Device configuration disclosure
- Authentication credentials disclosure
- DoS via memory corruption, disk format/corruption