Lucene search

[email protected]CVE-2005-3717

HistoryNov 21, 2005 - 11:03 a.m.

CVE-2005-3717

2005-11-2111:03:00

[email protected]

web.nvd.nist.gov

utstarcom

f1000

voip

wifi

phone

vxworks

default credentials

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.6%

JSON

The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username “target” and password “password”, which allows remote attackers to gain full access to the system.

Affected configurations

NVD

Node

utstarcomf1000_voip_wifi_phoneMatch2.0

CPENameOperatorVersion
utstarcom:f1000_voip_wifi_phoneutstarcom f1000 voip wifi phoneeq2.0

CPE	Name	Operator	Version
utstarcom:f1000_voip_wifi_phone	utstarcom f1000 voip wifi phone	eq	2.0

References

lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html

secunia.com/advisories/17629

www.securityfocus.com/bid/15476

www.vupen.com/english/advisories/2005/2472

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.6%

JSON

Related for CVE-2005-3717

cvelist1 nvd1