Vulnerability Description
UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513, which allows remote attackers to exploit other vulnerabilities such as CVE-2005-3716, or execute arbitrary shell commands via rlogin, which does not require authentication.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Utstarcom | F1000 Voip Wifi Phone | 2.0 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.htmlVendor Advisory
- http://secunia.com/advisories/17629Vendor Advisory
- http://www.securityfocus.com/bid/15476
- http://www.vupen.com/english/advisories/2005/2472
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.htmlVendor Advisory
- http://secunia.com/advisories/17629Vendor Advisory
- http://www.securityfocus.com/bid/15476
- http://www.vupen.com/english/advisories/2005/2472
FAQ
What is CVE-2005-3718?
CVE-2005-3718 is a vulnerability with a CVSS score of 7.5 (HIGH). UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513, which allows remote attackers to expl...
How severe is CVE-2005-3718?
CVE-2005-3718 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3718?
Check the references section above for vendor advisories and patch information. Affected products include: Utstarcom F1000 Voip Wifi Phone.