
[NEWS] Uniden UIP1868P (VoIP Phone/Gateway) Default Password

Subject: [NEWS] Uniden UIP1868P (VoIP Phone/Gateway) Default Password
Date: 19 Feb 2006 15:56:42 +0200
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com



  Uniden UIP1868P (VoIP Phone/Gateway) Default Password
------------------------------------------------------------------------


SUMMARY

" <http://www.packet8.net/about/uniden.asp> The Uniden Whole House VoIP 
Phone System (UIP1868P) makes setting up and using Packet8 Internet Phone 
Service a snap - just plug the Ethernet cable from your broadband modem 
into the Uniden 1868 base station, configure the built-in router and 
you're ready to go."

A default password on the Uniden UIP1868P administration interface allows 
attackers to gain full control over the VoIP system.

DETAILS

The Uniden UIP1868P is a SIP-based VoIP phone which can be configured as 
a client as well as a gateway/router. The administrator interface exposes 
sensitive information, such as the last 10 incoming/outgoing phone calls 
and the IP address/port of the SIP server which the gateway connects to.

By default the web admin interface uses the password "admin" (without 
quotation marks). No username is required, only the password.
This means that the security of the device ultimately relies on knowing 
one string of characters, rather than two (username/password).

Some useful features include voice-mail service and the possibility to use 
the gateway from a wireless phone. It supports up to 10 wireless handsets 
so you can make your VoIP phone calls from anywhere in your room. 
Attackers may pick up the wifi signal to connect to the UIP1868P gateway 
and make phone calls at the victim's expense.

Once admin access to this VoIP phone/gateway is obtained, the device 
becomes vulnerable to the same attacks as regular routers would after 
being compromised:

 - placing internal hosts (internal IP address can be obtained from DHCP 
table) on the DMZ, thus exposing them to the Internet
 - setting up port-forwarding to internal hosts
 - shutting down/resetting the device (DoS attack)

Either of the first two attacks would make port-scanning and exploitation 
against internal hosts possible. However, both of these attacks only apply 
in cases in which the UIP1868P is being used as a gateway (Internet 
router).


ADDITIONAL INFORMATION

The information has been provided by pagvac 
<mailto:unknown.pentester@gmail.com>.
The original article can be found at: 
http://www.ikwt.com/projects/Uniden.UIP1868P.txt


