PT-2005-4471 · Wind River+1 · Wind+2
Published
2005-11-21
·
Updated
2024-02-13
·
CVE-2005-3716
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6
Description
The issue concerns hard-coded public credentials in the SNMP daemon that cannot be changed, allowing attackers to obtain sensitive information.
Recommendations
For UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6, consider disabling the SNMP daemon until a patch is available to prevent exploitation of the hard-coded credentials.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Utstarcom F1000 Voip Wifi Phone
Vxworks
Wind