Re: [Full-disclosure] FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access
- From: Paul Schmehl <pauls@xxxxxxxxxxxx>
- Date: Fri, 22 Sep 2006 10:11:49 -0500
--On Thursday, September 21, 2006 17:14:40 -0700 Shawn Merdinger <shawnmer@xxxxxxxxx> wrote:
Zachary McGrew has discovered and reported that the FiWin SS28S WiFiThe engineers who designed this should be summarily fired. The terminal stupidity of it is mind boggling!
VoIP SIP/Skype Phone with firmware version 01_02_07 has VxWorks Telnet
open with a hardcoded user/pass of 1/1. Various debug commonds enable
viewing SIP credentials, WEP keys, etc. on the phone.
More details here:
Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
Description: S/MIME cryptographic signature
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: Re: [Full-disclosure] Live is Live
- Next by Date: [Full-disclosure] [SECURITY] [DSA 1182-1] New gnutls11 packages fix RSA signature forgery cryptographic weakness
- Previous by thread: [Full-disclosure] FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access
- Next by thread: Re: [Full-disclosure] FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access