EUVD-2006-0381

Malware in sbrugna...

Authentication flaw

Advantage Century Telecommunication ACT P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which 1 might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB...

CVE-2006-0375

The CVE-2006-0375 entry applies to Advantage Century Telecommunication (ACT) P202S IP Phone, running firmware 1.1.21 on VxWorks. The issue is a hardcoded NTP server (Taiwan) that could let an attacker supply false time, block time information, or perform related attacks. The available connected d...

CVE-2006-0374

The CVE-2006-0374 entry applies to Advantage Century Telecommunication (ACT) P202S IP Phone firmware 1.1.21 (software version 1.01.21). The vulnerability involves multiple undocumented ports that could be abused: (1) access to VxWorks WDB remote debugging ONCRPC (wdbrpc) over UDP 17185, potential...

ACT P202S wireless VoIP phone multiple vulnerabilities

VxWorks debugger TCP/17185 access, rlogin access...

[Full-disclosure] ACT P202S VoIP wireless phone multiple undocumented ports/services

I disclosed the following issues at ShmooCon 2006 http://www.shmoocon.org/ during my "VoIP Wireless Phone Security Analysis" presentation. Thanks, --scm =============================================================== DATE: 16 January, 2006 VENDOR: ACT – Advantage Century Telecommunication...