Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
after unsuccessfully attempting to find contact information of anyone who
can address or correct this, here's a public disclosure.
Vulnerability Name
Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability
Overview
the UTStarcom iAN-02EX is a VoIP ATA currently being used by Lingo (and
other VoIP providers?). this advisory is specific to the configuration of
the iAN-02EX device as currently shipped by Lingo, and may or may not
apply to other configurations of the device. the default configuration
leaves the ATA vulnerable to unauthorized remote access.
Description
using the default password, a remote attacker may access the device via
the WAN port. this problem is compounded by Lingo's recommendation that
the device should be placed between a broadband modem and router
("recommended method"). this configuration makes the ATA's WAN port
accessible from the public internet.
Impact
an attacker may cause a denial of service for voice and/or data traffic.
an attacker may gain access to a customers speed-dial list and modify that
list (this may be particularly dangerous if the attacker is a scorned
ex-lover or overzealous admirer). an attacker may gain gain access to
other areas of the LAN behind the ATA (by specifying it as a DMZ or port
forwarding). an attacker may change the default password (the ATA doesn't
appear to have a customer accessible hardware reset, which could compound
a password problem). an attacker may cause other havoc for the VoIP
customer.
Solution
this vulnerability can be mitigated by not allowing login access via
WAN. at the very least this feature should be disabled by default. ideally
access via the WAN port should require that the default password is
changed.
References
http://www.utstar.com/Solutions/CPE/VoIP_CPE/
http://www.utstar.com/Solutions/Document_Library/CPE/docs/SS_UTiAN02EX.pdf
http://www.lingosupport.com/
http://www.lingosupport.com/install_multi_01.html
- --
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Your password must be at least 18770 characters and
cannot repeat any of your previous 30689 passwords.
Please type a different password. Type a password
that meets these requirements in both text boxes."
-- Microsoft takes security seriously in
Knowledge Base Article Q276304.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJCK/Y8AAoJEAx/d+cTpVcieigH/2tclaF4CvkvQfgdOt3emrcT
XZK2a3K3gx9p1Cdy5pbXYSN+oh9EvV+LadYljASxl0IV1Kn32OZQMLJbfRTjJHf5
XaU4HIFS2n8Q/+HSVfOQCCOb1RAulD7Hpgj+/omh9kS4dHQdHJ3jBwQe9NCqF8M4
DG/H5uzB3SFuzDQemYuZOh5qnqNxUsI5TiTXAzww31tuR240sABiwGDB8eurEub3
+FWXcj9ytWMGdbk+Jq+J4MR1dDzv+pcK7cSQHUiEKtUJp0XrfyMJpgxMGxPFHWX9
T+8qM1lJw+7DNsSih6TY0OGRygVZezPpgPKZY0dDJpRvw651McQi+klWCeQU30c=
=VsqM
-----END PGP SIGNATURE-----