|
[Japanese]
|
JVNDB-2005-000782
|
WirelessIP5000 has multiple vulnerabilities
|
|
WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities;
- Illegal access using the port TCP3390
- SNMP access using an arbitrary community name
- Access to the HTTP server by an unauthorized user in the factory default configuration
- The HTTP server shows detailed information that can be used by an attacker to attempt attacks
- The factory default password for administrator account is easily guessed
|
|
CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
Hitachi Cable
- WirelessIP5000 1.5.10 and earlier
|
|
|
These vulnerabilities may allow an attacker to conduct the following attacks:
- Illegal information collection
- Change of the configuration using SNMP protocol, web browsers, etc.
- Denial of service (DoS) attacks using information which the HTTP server provides
- Impersonation and information retrieval using the administrator's password
|
|
|
|
Hitachi Cable
|
|
|
|
- CVE-2005-3720
|
|
- JVN : JVN#76659792
- National Vulnerability Database (NVD) : CVE-2005-3720
- Secunia Advisory : SA17628
|
|
- [2008/05/21]
Web page published
|
