Vulnerability Description
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advantage Century Telecommunication | P202S | 1.01.21_firmware_1.1.21 |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.htmlVendor Advisory
- http://secunia.com/advisories/18514Vendor Advisory
- http://www.securityfocus.com/bid/16288
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24149
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.htmlVendor Advisory
- http://secunia.com/advisories/18514Vendor Advisory
- http://www.securityfocus.com/bid/16288
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24149
FAQ
What is CVE-2006-0374?
CVE-2006-0374 is a vulnerability with a CVSS score of 7.5 (HIGH). Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive informati...
How severe is CVE-2006-0374?
CVE-2006-0374 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0374?
Check the references section above for vendor advisories and patch information. Affected products include: Advantage Century Telecommunication P202S.