CVE-2007-0528
Published Jan 26, 2007
Last updated 6 years ago
Overview
- Description
- The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:centrality_communications:pa168_chipset:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0D97ED7-1757-49B2-98E8-6DD8192DC5A0",
"versionEndIncluding": "firmware_1.54"
}
],
"operator": "OR"
}
]
}
]