PT-2019-12756 · Akuvox · Akuvox R50P Voip Phone

Published

2019-07-22

Updated

2019-10-09

CVE-2019-12327

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Akuvox R50P VoIP phone version 50.0.6.156

Description The issue concerns hardcoded credentials, which allow an attacker to access the device via telnet. The telnet service runs on port 2323 and cannot be disabled. Additionally, the credentials cannot be modified.

Recommendations For Akuvox R50P VoIP phone version 50.0.6.156, as a temporary workaround, consider restricting access to port 2323 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2019-12327

Affected Products

Akuvox R50P Voip Phone

PT-2019-12756 · Akuvox · Akuvox R50P Voip Phone

CVE-2019-12327

Weakness Enumeration

Related Identifiers

Affected Products

References · 3