Vulnerability Details CVE-2007-0528
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.095
EPSS Ranking 92.5%
CVSS Severity
CVSS v2 Score 9.0
References
- http://osvdb.org/32966
- http://secunia.com/advisories/23919
- http://secunia.com/advisories/23936
- http://www.procheckup.com/Vulner_PR0614.php
- http://www.securityfocus.com/archive/1/457868/100/0/threaded
- http://www.vupen.com/english/advisories/2007/0346
- https://www.exploit-db.com/exploits/3189
- http://osvdb.org/32966
- http://secunia.com/advisories/23919
- http://secunia.com/advisories/23936
- http://www.procheckup.com/Vulner_PR0614.php
- http://www.securityfocus.com/archive/1/457868/100/0/threaded
- http://www.vupen.com/english/advisories/2007/0346
- https://www.exploit-db.com/exploits/3189
Products affected by CVE-2007-0528
-
cpe:2.3:h:centrality_communications:pa168_chipset:*