Published:2005/09/30  Last Updated:2008/05/21

JVN#76659792
WirelessIP5000 has multiple vulnerabilities

Overview

WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities;

  • Illegal access using the port TCP3390
  • SNMP access using an arbitrary community name
  • Access to the HTTP server by an unauthorized user in the factory default configuration
  • The HTTP server shows detailed information that can be used by an attacker to attempt attacks
  • The factory default password for administrator account is easily guessed

Products Affected

  • Refer to the vendors' website

Description

Impact

These vulnerabilities may allow an attacker to conduct the following attacks:

  • Illegal information collection
  • Change of the configuration using SNMP protocol, web browsers, etc.
  • Denial of service (DoS) attacks using information which the HTTP server provides
  • Impersonation and information retrieval using the administrator's password

Solution

Vendor Status

References

JPCERT/CC Addendum

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2005-000782

Update History