Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Aastra IP Telephone Hardcoded Password

🗓️ 08 Apr 2013 00:00:00Reported by Timo Juhani LindforsType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 30 Views

Aastra IP Telephone has a hardcoded telnet admin password, leading to vulnerability and potential denial of service

Code
`  
Aastra IP Telephone hardcoded telnet admin password  
---------------------------------------------------  
  
Affected products  
=================  
  
Aastra 6753i IP Telephone  
Firmware Version 3.2.2.56  
Firmware Release Code SIP  
Boot Version 2.5.2.1010  
  
Background  
==========  
  
"The 6753i from Aastra offers powerful features and flexibility in a  
standards based, carrier-grade basic level IP telephone. With a  
sleek and elegant design and 3 line LCD display, the 6753i is fully  
interoperable with leading IP Telephony platforms, offering  
advanced XML capability to access custom applications and support  
for up to 9 calls simultaneously. Part of the Aastra family of IP  
telephones, the 6753i is ideally suited for light to regular  
telephone requirements."  
  
Description  
===========  
  
The phone seems to ship with a hardcoded telnet password for the "admin"  
user. Since the hashing algorithm is weak anybody can find working  
passwords using the "vxworks_mem_search.rb" tool in a few seconds. One  
of them is "[M]qozn~". After logging in you get access to a VxWorks  
shell but for some reason most commands seem to crash the system. This  
might mean that the vulnerability can only be used to cause denial of  
service but there is no guarantee.  
  
Timeline  
========  
  
2012-04-03 Contacted Aastra and explained the issue  
2012-04-25 Contacted Aastra and informed them that details will be  
disclosed in 2013  
2013-04-05 Public disclosure  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Apr 2013 00:00Current
0.1Low risk
Vulners AI Score0.1
aastra ip telephonehardcoded passwordtelnet adminvulnerabilitydenial of service
30