Full Disclosure mailing list archives

Re: FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access

From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 22 Sep 2006 10:11:49 -0500

--On Thursday, September 21, 2006 17:14:40 -0700 Shawn Merdinger<shawnmer () gmail com> wrote:

Zachary McGrew has discovered and reported that the FiWin SS28S WiFi
VoIP SIP/Skype Phone with firmware version 01_02_07 has VxWorks Telnet
open with a hardcoded user/pass of 1/1.  Various debug commonds enable
viewing SIP credentials, WEP keys, etc. on the phone.

More details here:
http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSky
pe-Phone/

The engineers who designed this should be summarily fired. The terminalstupidity of it is mind boggling!


Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access Shawn Merdinger (Sep 22)
- Re: FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access Paul Schmehl (Sep 22)
  - Re: FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access Nick FitzGerald (Sep 22)
    - Re: FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access Shawn Merdinger (Sep 23)
  - Re: FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access pagvac (Sep 22)
    - Re: FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access pagvac (Sep 23)