{"id":183,"date":"2006-02-02T16:05:52","date_gmt":"2006-02-02T16:05:52","guid":{"rendered":"http:\/\/gaisan.com\/wordp\/?p=183"},"modified":"2006-02-02T16:05:52","modified_gmt":"2006-02-02T16:05:52","slug":"utstarcom-f1000","status":"publish","type":"post","link":"http:\/\/gaisan.com\/blogs\/?p=183","title":{"rendered":"UTStarCom F1000"},"content":{"rendered":"<p>Another great reason to use your WiFi phone behind a reliable firewall, at home, in the dark. The list of vulnerabilities on this baby include open and immutable SNMP settings, open telnet and rlogin access. Ouch!<br \/>\nI guess we won&#8217;t be administering this one via SNMP. Here&#8217;s the lowdown from <a href=\"http:\/\/www.securiteam.com\/securitynews\/6R00M0AELM.html\">securiteam<\/a><br \/>\nHere&#8217;s a quote:<\/p>\n<blockquote><p><em>&#8220;UTstarcom F1000 VoIP Wifi Phone rlogin (TCP\/513) unauthenticated access:<br \/>\nThe phone&#8217;s rlogin port TCP\/513 is listening by default and requires no authentication. An attacker connecting to the phone via telnet\/netcat is dropped into a shell without any login. The shell provides an attacker full access to the Vxworks OS, including debugging, direct memory dumping\/injection, read\/write device, user and network configuration files, enable\/disable\/restart services, remote reboot.&#8221;<\/em><\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Another great reason to use your WiFi phone behind a reliable firewall, at home, in the dark. The list of vulnerabilities on this baby include open and immutable SNMP settings, open telnet and rlogin access. Ouch! I guess we won&#8217;t be administering this one via SNMP. Here&#8217;s the lowdown from securiteam Here&#8217;s a quote: &#8220;UTstarcom [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"_links":{"self":[{"href":"http:\/\/gaisan.com\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/183"}],"collection":[{"href":"http:\/\/gaisan.com\/blogs\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/gaisan.com\/blogs\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/gaisan.com\/blogs\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/gaisan.com\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=183"}],"version-history":[{"count":0,"href":"http:\/\/gaisan.com\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/183\/revisions"}],"wp:attachment":[{"href":"http:\/\/gaisan.com\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/gaisan.com\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=183"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/gaisan.com\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}