Vulnerability Description
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Centrality Communications | PA168 Chipset | <= firmware_1.54 |
References
- http://osvdb.org/32966
- http://secunia.com/advisories/23919
- http://secunia.com/advisories/23936
- http://www.procheckup.com/Vulner_PR0614.php (Vendor Advisory)
- http://www.securityfocus.com/archive/1/457868/100/0/threaded
- http://www.vupen.com/english/advisories/2007/0346
- https://www.exploit-db.com/exploits/3189
FAQ
What is CVE-2007-0528?
CVE-2007-0528 is a vulnerability with a CVSS score of 9.0 (HIGH). The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentica...
How severe is CVE-2007-0528?
CVE-2007-0528 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0528?
Check the references section above for vendor advisories and patch information. Affected products include: Centrality Communications PA168 Chipset.