Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Centrality Communications(又称Aredfox)PA168 chipset和firmware 会话管理和敏感信息泄露漏洞
Vulnerability Description
当由不同的IP电话提供时,Centrality Communications(又称Aredfox)PA168 chipset和firmware 1.54及之前版本执行的admin web控制台在使用HTTP时,没有要求身份认证标识或密码标识,这使得远程攻击者可以连接到现有的超级用户会话和获得敏感信息(密码和配置数据)。
CVSS Information
N/A
Vulnerability Type
N/A