PT-2021-16751 · Adtran · Netvanta 7060+2
Casey Erdmann
·
Published
2021-04-20
·
Updated
2024-08-03
·
CVE-2021-25681
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
AdTran Personal Phone Manager version 10.8.1
Description
The issue allows for exfiltration of data over DNS, potentially enabling exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. The affected appliances, NetVanta 7060 and NetVanta 7100, are considered End of Life and will not receive a patch for this issue.
Recommendations
For AdTran Personal Phone Manager version 10.8.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Adtran Personal Phone Manager
Netvanta 7060
Netvanta 7100