|
Full Disclosure
mailing list archives
Re: FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access
From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 22 Sep 2006 10:11:49 -0500
--On Thursday, September 21, 2006 17:14:40 -0700 Shawn Merdinger
<shawnmer () gmail com> wrote:
Zachary McGrew has discovered and reported that the FiWin SS28S WiFi
VoIP SIP/Skype Phone with firmware version 01_02_07 has VxWorks Telnet
open with a hardcoded user/pass of 1/1. Various debug commonds enable
viewing SIP credentials, WEP keys, etc. on the phone.
More details here:
http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSky
pe-Phone/
The engineers who designed this should be summarily fired. The terminal
stupidity of it is mind boggling!
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Attachment:
_bin
Description:
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
Intro
