[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] ACT P202S VoIP wireless phone multiple undocumented ports/services
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] ACT P202S VoIP wireless phone multiple undocumented ports/services
- From: Shawn Merdinger <shawnmer@xxxxxxxxx>
- Date: Mon, 16 Jan 2006 14:11:13 -0800
I disclosed the following issues at ShmooCon 2006
<http://www.shmoocon.org/> during my "VoIP Wireless Phone Security
Analysis" presentation.
Thanks,
--scm
===============================================================
DATE:
16 January, 2006
VENDOR:
ACT – Advantage Century Telecommunication Corporation
VENDOR NOTIFIED:
19 October, 2005
PRODUCT:
ACT P202S VoIP wireless phone
http://www.act-tel.com.tw/_pg/products/productItem.asp?productKey=54
Firmware Version:
1.1.21on VxWorks
VULNERABILITY TITLE:
ACT P202S VoIP wireless phone multiple undocumented ports/services
DETAILS, IMPACT AND WORKAROUND:
The ACT P202S VoIP 802.11b wireless phone, version 1.01.21 on VxWorks
has three undocumented ports and extraneous services that can be
exploited by attackers.
1. Undocumented port, UDP/17185 VxWorks WDB remote debugging (wdbrpc)
2. Undocumented port, TCP/7 echo
3. Undocumented port, TCP/513 rlogin
4. Hardcoded NTP server
1. Undocumented port, UDP/17185 may allows direct access to phone
memory and OS internals.
2. Undocumented port, TCP/7 may allow attacker to reflect sent network
data using the echo service, potential causing impact to phone
operation or utilized in DoS of other network devices.
3. Undocumented port, TCP/513 allows an attacker rlogin access with no
credentials.
4. The phone configuration has a hardcoded Taiwan NTP server
CONTACT INFORMATION:
Shawn Merdinger
shawnmer@xxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/