Details of VAR-200609-0527

ID

VAR-200609-0527

CVE

CVE-2006-5038

TITLE

FiWin SS28S WiFi VoIP SIP/Skype Phone default built-in account vulnerability

Trust: 1.0

sources: IVD: 7d7c4191-463f-11e9-8055-000c29342cb1 // IVD: fa7c5ae8-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200609-476

DESCRIPTION

The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. FiWin SS28S is a wireless IP phone from Taiwan. FiWin SS28S has a default configuration error when processing access verification. Remote attackers may use this vulnerability to gain unauthorized access to sensitive information. FiWin SS28S opens the VxWorks Telnet port by default and uses a hard-coded username and password (1/1). This allows attackers to bypass authentication restrictions, run various debug commands, and obtain various sensitive information. An attacker can exploit this issue to bypass authentication and gain access to the device's administrative section. This could aid in further attacks. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Fi Win WiFi Phone SS28S Debug Console Security Issue SECUNIA ADVISORY ID: SA22041 VERIFY ADVISORY: http://secunia.com/advisories/22041/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Fi Win WiFi Phone SS28S http://secunia.com/product/12156/ DESCRIPTION: Zachary McGrew has reported a security issue in FiWin SS28S, which can be exploited by malicious people to gain unauthorised access to the phone. This can be exploited to e.g. disclose password information or perform various actions resulting in the phone crashing. SOLUTION: Use the product within trusted networks only. Use another product. PROVIDED AND/OR DISCOVERED BY: Zachary McGrew ORIGINAL ADVISORY: http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/page1/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.88

sources: NVD: CVE-2006-5038 // JVNDB: JVNDB-2006-001322 // CNVD: CNVD-2006-7318 // BID: 20154 // IVD: 7d7c4191-463f-11e9-8055-000c29342cb1 // IVD: fa7c5ae8-2353-11e6-abef-000c29c66e3d // PACKETSTORM: 50407

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 7d7c4191-463f-11e9-8055-000c29342cb1 // IVD: fa7c5ae8-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2006-7318

AFFECTED PRODUCTS

vendor:	fiwin	model:	ss28s wifi voip sip skype phone	scope:	eq	version:	2007-02-01	Trust: 1.6
vendor:	fiwin	model:	ss28s wifi voip sip skype phone	scope:	eq	version:	01_02_07	Trust: 0.8
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	ss28s wifi voip sip skype phone	model:	-	scope:	eq	version:	2007-02-01	Trust: 0.4
vendor:	fiwin	model:	ss28s wifi voip sip/skype phone 01 02 07	scope:	-	version:	-	Trust: 0.3

sources: IVD: 7d7c4191-463f-11e9-8055-000c29342cb1 // IVD: fa7c5ae8-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2006-7318 // BID: 20154 // JVNDB: JVNDB-2006-001322 // CNNVD: CNNVD-200609-476 // NVD: CVE-2006-5038

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-5038
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-5038
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200609-476
value:	HIGH
Trust: 0.6
IVD:	7d7c4191-463f-11e9-8055-000c29342cb1
value:	HIGH
Trust: 0.2
IVD:	fa7c5ae8-2353-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2006-5038
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	7d7c4191-463f-11e9-8055-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	fa7c5ae8-2353-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 7d7c4191-463f-11e9-8055-000c29342cb1 // IVD: fa7c5ae8-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2006-001322 // CNNVD: CNNVD-200609-476 // NVD: CVE-2006-5038

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5038

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200609-476

TYPE

Access verification error

Trust: 1.0

sources: IVD: 7d7c4191-463f-11e9-8055-000c29342cb1 // IVD: fa7c5ae8-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200609-476

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001322

PATCH

title:

Top Page

url:

http://www.fiwin.com/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001322

EXTERNAL IDS

db:	NVD	id:	CVE-2006-5038	Trust: 3.4
db:	BID	id:	20154	Trust: 1.9
db:	SECUNIA	id:	22041	Trust: 1.7
db:	CNVD	id:	CNVD-2006-7318	Trust: 1.0
db:	CNNVD	id:	CNNVD-200609-476	Trust: 1.0
db:	JVNDB	id:	JVNDB-2006-001322	Trust: 0.8
db:	FULLDISC	id:	20060921 FIWIN SS28S WIFI VOIP SIP/SKYPE PHONE HARDCODED TELNET USER/PASS AND DEBUG ACCESS	Trust: 0.6
db:	XF	id:	28	Trust: 0.6
db:	XF	id:	29114	Trust: 0.6
db:	IVD	id:	7D7C4191-463F-11E9-8055-000C29342CB1	Trust: 0.2
db:	IVD	id:	FA7C5AE8-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	50407	Trust: 0.1

sources: IVD: 7d7c4191-463f-11e9-8055-000c29342cb1 // IVD: fa7c5ae8-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2006-7318 // BID: 20154 // JVNDB: JVNDB-2006-001322 // PACKETSTORM: 50407 // CNNVD: CNNVD-200609-476 // NVD: CVE-2006-5038

REFERENCES

url:	http://www.securityfocus.com/bid/20154	Trust: 1.6
url:	http://www.osnews.com/story.php/15923/review-fiwin-ss28s-wifi-voip-sipskype-phone/	Trust: 1.6
url:	http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0391.html	Trust: 1.6
url:	http://secunia.com/advisories/22041	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/29114	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5038	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5038	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/29114	Trust: 0.6
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/22041/	Trust: 0.1
url:	http://secunia.com/quality_assurance_analyst/	Trust: 0.1
url:	http://www.osnews.com/story.php/15923/review-fiwin-ss28s-wifi-voip-sipskype-phone/page1/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/product/12156/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/web_application_security_specialist/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: JVNDB: JVNDB-2006-001322 // PACKETSTORM: 50407 // CNNVD: CNNVD-200609-476 // NVD: CVE-2006-5038

CREDITS

Zachary McGrew

Trust: 0.6

sources: CNNVD: CNNVD-200609-476

SOURCES

db:	IVD	id:	7d7c4191-463f-11e9-8055-000c29342cb1
db:	IVD	id:	fa7c5ae8-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2006-7318
db:	BID	id:	20154
db:	JVNDB	id:	JVNDB-2006-001322
db:	PACKETSTORM	id:	50407
db:	CNNVD	id:	CNNVD-200609-476
db:	NVD	id:	CVE-2006-5038

LAST UPDATE DATE

2024-08-14T14:47:52.931000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2006-7318	date:	2006-09-22T00:00:00
db:	BID	id:	20154	date:	2006-09-22T23:06:00
db:	JVNDB	id:	JVNDB-2006-001322	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200609-476	date:	2006-09-28T00:00:00
db:	NVD	id:	CVE-2006-5038	date:	2017-07-20T01:33:28.680

SOURCES RELEASE DATE

db:	IVD	id:	7d7c4191-463f-11e9-8055-000c29342cb1	date:	2006-09-22T00:00:00
db:	IVD	id:	fa7c5ae8-2353-11e6-abef-000c29c66e3d	date:	2006-09-22T00:00:00
db:	CNVD	id:	CNVD-2006-7318	date:	2006-09-22T00:00:00
db:	BID	id:	20154	date:	2006-09-22T00:00:00
db:	JVNDB	id:	JVNDB-2006-001322	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	50407	date:	2006-10-03T01:14:36
db:	CNNVD	id:	CNNVD-200609-476	date:	2006-09-27T00:00:00
db:	NVD	id:	CVE-2006-5038	date:	2006-09-27T23:07:00