Описание
The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:h:hitachi:ip5000_voip_wifi_phone:1.5.0:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:ip5000_voip_wifi_phone:1.5.2:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:ip5000_voip_wifi_phone:1.5.4:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:ip5000_voip_wifi_phone:1.5.5:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:ip5000_voip_wifi_phone:1.5.6:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:ip5000_voip_wifi_phone:1.5.8:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:ip5000_voip_wifi_phone:1.5.10:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00549
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.
EPSS
Процентиль: 67%
0.00549
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other