Bugtraq mailing list archives
Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability
From: Atom Smasher <atom () smasher org>
Date: Tue, 8 Mar 2005 01:19:23 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, 7 Mar 2005, Atom Smasher wrote:
an attacker may change the default password (the ATA doesn't appear to have a customer accessible hardware reset, which could compound a password problem).
========================= (responding to self)the ATA can be reset by dialing *#26845# from a connected phone. this presents another problem. an attacker can reset the password (and then gain unauthorized access to the ATA) by gaining access to any phone connected to the ATA. this can be easily accomplished at a party or by wireless beige-boxing which could be done from some distance away.
of course this type of reset seems to wipe out most info that would be useful to an attacker (LAN config, speed-dial list, etc) but still facilitates DoS and other types of attack.
solution: a pinhole button in the back of the ATA would require physical access to the device in order to reset the password.
- -- ...atom
_________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we" -- George "dubya" Bush, 5 Aug 2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJCLUPxAAoJEAx/d+cTpVci5cMIAL3OtgwgC9V5k7h9rOb4e1Qt +yLNzPqml9ea/whzGeb/01KEWZ665WWYPALLf7SbkeNLr2Z3fMs8AlTjb5Uc5+v3 rnXH8vvYjb62uXHbMD8WAWj4HeVbzBMojeL1rwT/kE+fIwH25OQ/DnRRnrI0/5OS 1zBPhbzAMeej4FYyZtxxEJsySI1rWQSz8XA5FpZ3Dp/C7a4k4/gWLmcp3NJCsBFZ YH64Oe4h1EvAK9S3d0CyJPFSwZKXRalIa0WlL6reJN4SZW/PeCs+L/8ydmr7XDN5 M6cHwQ/HhKnnHXreQn/8/N40X8oKx59/jZGfH1ypzJVKSp+NKAg4XBm7lsXfJP8= =xE6p -----END PGP SIGNATURE-----
Current thread:
- Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 07)
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 08)
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 10)
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Ryan Cummings (Mar 11)
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 11)
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Ryan Cummings (Mar 11)