Published:2005/09/30 Last Updated:2008/05/21
JVN#76659792
WirelessIP5000 has multiple vulnerabilities
Overview
WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities;
- Illegal access using the port TCP3390
- SNMP access using an arbitrary community name
- Access to the HTTP server by an unauthorized user in the factory default configuration
- The HTTP server shows detailed information that can be used by an attacker to attempt attacks
- The factory default password for administrator account is easily guessed
Products Affected
- Refer to the vendors' website
Description
Impact
These vulnerabilities may allow an attacker to conduct the following attacks:
- Illegal information collection
- Change of the configuration using SNMP protocol, web browsers, etc.
- Denial of service (DoS) attacks using information which the HTTP server provides
- Impersonation and information retrieval using the administrator's password
Solution
Vendor Status
References
JPCERT/CC Addendum
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2005-000782 |