Redlevel Advisory #025 - Vonage VoIP Telephone Adapter Default Misconfiguration

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Redlevel Advisory #025 - Vonage VoIP Telephone Adapter Default Misconfiguration
From: john@xxxxxxxxxxxxxx
Date: 2 Jun 2007 05:37:40 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Vonage VoIP Telephone Adapter Default Misconfiguration

The Vonage VoIP Telephone Adapter device is, by default, accessible from the 
WLAN/internet. The product ships with the default username of 'user' and 
default password of 'user' to access the administrative backend.

Users are suggested to update their passwords immediately. An attacker could 
cause a denial-of-service by uploading broken firmware to the device, or by 
constantly rebooting the device.

John Martinelli
john@xxxxxxxxxxxxxx

http://RedLevel.org
RedLevel.org Security

Prev by Date: Re: Buffer overflow in BusinessMail email server system 4.60.00
Next by Date: 2007-06-03: PeerCast streaming server submits cleartext password
Previous by thread: WebStudio Multiple XSS Vulnerabilities
Next by thread: 2007-06-03: PeerCast streaming server submits cleartext password
Index(es):
- Date
- Thread