---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l ---------------------------------------------------------------------- TITLE: UTStarcom iAN-02EX VoIP ATA Reset Security Bypass SECUNIA ADVISORY ID: SA14544 VERIFY ADVISORY: http://secunia.com/advisories/14544/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: UTStarcom iAN-02EX VoIP ATA http://secunia.com/product/4752/ DESCRIPTION: Atom Smasher has reported a security issue in UTStarcom iAN-02EX, which can be exploited by malicious people to bypass certain security restrictions. The problem is that the ATA (Analog Terminal Adaptor) can be reset by dialing "*#26845#". This can be exploited to gain access to the ATA by supplying the default password. Successful exploitation requires access to a phone connected to the ATA. The security issue has been reported in a configuration shipped by the Lingo VoIP (Voice over IP) provider. Configurations shipped by other providers may also be affected. SOLUTION: Grant only trusted users access to phones connected to the ATA. PROVIDED AND/OR DISCOVERED BY: Atom Smasher ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------