TITLE:
UTStarcom F1000 Wi-Fi Handset Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA17629

VERIFY ADVISORY:
http://secunia.com/advisories/17629/

CRITICAL:
Less critical

IMPACT:
Manipulation of data, Exposure of system information, DoS

WHERE:
From local network

OPERATING SYSTEM:
UTStarcom F1000 Wi-Fi Handset
http://secunia.com/product/6143/

DESCRIPTION:
Shawn Merdinger has reported some vulnerabilities in UTStarcom F1000 Wi-Fi Handset, which can be exploited by malicious people to gain access to potentially sensitive information, to modify certain information, and to cause a DoS (Denial of Service).

1) The SNMP service running on the IP phone allows read access with the default "public" community string. The service cannot be disabled and the community string cannot be changed. This can be exploited to retrieve the device configuration by sending an SNMP GetRequest to the phone. The SNMP service reportedly crashes when accessed via snmpwalk.

2) An rlogin service runs on port 513/tcp of the phone and can be accessed without logging on. The service cannot be disabled and does not allow login credentials to be set. This can be exploited to gain access to the VxWorks OS, potentially allowing retrieval and modification of configuration information and rebooting of the device, thus causing a DoS.

The vulnerabilities have been reported in version 2.0 with VxWorks version 5.5.1 and WIND kernel version 2.6.

Note: A telnet service also runs on 23/tcp with a publicly known default user ID and password.

SOLUTION:
Restrict use to trusted networks only. Since neither the SNMP nor the rlogin service can be disabled or given credentials, filter 161/udp, 513/tcp and 23/tcp from untrusted network segments. Configure a strong password for the telnet service.

PROVIDED AND/OR DISCOVERED BY:
Shawn Merdinger

ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html