Find a vulnerability
Search criteria
3 vulnerabilities by fiwin
VAR-200609-0527
Vulnerability from variot - Updated: 2025-04-10 22:58The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. FiWin SS28S is a wireless IP phone from Taiwan.
FiWin SS28S has a default configuration error when processing access verification. Remote attackers may use this vulnerability to gain unauthorized access to sensitive information.
FiWin SS28S opens the VxWorks Telnet port by default and uses a hard-coded username and password (1/1). This allows attackers to bypass authentication restrictions, run various debug commands, and obtain various sensitive information. An attacker can exploit this issue to bypass authentication and gain access to the device's administrative section. This could aid in further attacks.
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: Fi Win WiFi Phone SS28S Debug Console Security Issue
SECUNIA ADVISORY ID: SA22041
VERIFY ADVISORY: http://secunia.com/advisories/22041/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From local network
OPERATING SYSTEM: Fi Win WiFi Phone SS28S http://secunia.com/product/12156/
DESCRIPTION: Zachary McGrew has reported a security issue in FiWin SS28S, which can be exploited by malicious people to gain unauthorised access to the phone. This can be exploited to e.g. disclose password information or perform various actions resulting in the phone crashing.
SOLUTION: Use the product within trusted networks only.
Use another product.
PROVIDED AND/OR DISCOVERED BY: Zachary McGrew
ORIGINAL ADVISORY: http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/page1/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0527",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ss28s wifi voip sip skype phone",
"scope": "eq",
"trust": 1.6,
"vendor": "fiwin",
"version": "2007-02-01"
},
{
"model": "ss28s wifi voip sip skype phone",
"scope": "eq",
"trust": 0.8,
"vendor": "fiwin",
"version": "01_02_07"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "ss28s wifi voip sip skype phone",
"version": "2007-02-01"
},
{
"model": "ss28s wifi voip sip/skype phone 01 02 07",
"scope": null,
"trust": 0.3,
"vendor": "fiwin",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-7318"
},
{
"db": "BID",
"id": "20154"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:fiwin:ss28s_wifi_voip_sip_skype_phone",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zachary McGrew",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
}
],
"trust": 0.6
},
"cve": "CVE-2006-5038",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-5038",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7c4191-463f-11e9-8055-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-5038",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-5038",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-476",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. FiWin SS28S is a wireless IP phone from Taiwan. \n\n\u00a0FiWin SS28S has a default configuration error when processing access verification. Remote attackers may use this vulnerability to gain unauthorized access to sensitive information. \n\n\u00a0FiWin SS28S opens the VxWorks Telnet port by default and uses a hard-coded username and password (1/1). This allows attackers to bypass authentication restrictions, run various debug commands, and obtain various sensitive information. \nAn attacker can exploit this issue to bypass authentication and gain access to the device\u0027s administrative section. This could aid in further attacks. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nFi Win WiFi Phone SS28S Debug Console Security Issue\n\nSECUNIA ADVISORY ID:\nSA22041\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22041/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nFi Win WiFi Phone SS28S\nhttp://secunia.com/product/12156/\n\nDESCRIPTION:\nZachary McGrew has reported a security issue in FiWin SS28S, which\ncan be exploited by malicious people to gain unauthorised access to\nthe phone. \nThis can be exploited to e.g. disclose password information or perform\nvarious actions resulting in the phone crashing. \n\nSOLUTION:\nUse the product within trusted networks only. \n\nUse another product. \n\nPROVIDED AND/OR DISCOVERED BY:\nZachary McGrew\n\nORIGINAL ADVISORY:\nhttp://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/page1/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5038"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"db": "CNVD",
"id": "CNVD-2006-7318"
},
{
"db": "BID",
"id": "20154"
},
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "50407"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-5038",
"trust": 3.4
},
{
"db": "BID",
"id": "20154",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "22041",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2006-7318",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001322",
"trust": 0.8
},
{
"db": "FULLDISC",
"id": "20060921 FIWIN SS28S WIFI VOIP SIP/SKYPE PHONE HARDCODED TELNET USER/PASS AND DEBUG ACCESS",
"trust": 0.6
},
{
"db": "XF",
"id": "28",
"trust": 0.6
},
{
"db": "XF",
"id": "29114",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D7C4191-463F-11E9-8055-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "FA7C5AE8-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "50407",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-7318"
},
{
"db": "BID",
"id": "20154"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"db": "PACKETSTORM",
"id": "50407"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"id": "VAR-200609-0527",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-7318"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-7318"
}
]
},
"last_update_date": "2025-04-10T22:58:01.336000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fiwin.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/20154"
},
{
"trust": 1.6,
"url": "http://www.osnews.com/story.php/15923/review-fiwin-ss28s-wifi-voip-sipskype-phone/"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0391.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22041"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29114"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5038"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5038"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/29114"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22041/"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://www.osnews.com/story.php/15923/review-fiwin-ss28s-wifi-voip-sipskype-phone/page1/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12156/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"db": "PACKETSTORM",
"id": "50407"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-7318"
},
{
"db": "BID",
"id": "20154"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"db": "PACKETSTORM",
"id": "50407"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-22T00:00:00",
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"date": "2006-09-22T00:00:00",
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2006-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-7318"
},
{
"date": "2006-09-22T00:00:00",
"db": "BID",
"id": "20154"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"date": "2006-10-03T01:14:36",
"db": "PACKETSTORM",
"id": "50407"
},
{
"date": "2006-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"date": "2006-09-27T23:07:00",
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-7318"
},
{
"date": "2006-09-22T23:06:00",
"db": "BID",
"id": "20154"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"date": "2006-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiWin SS28S WiFi VoIP SIP/Skype Phone default built-in account vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access verification error",
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
}
],
"trust": 1.0
}
}
CVE-2006-5038 (GCVE-0-2006-5038)
Vulnerability from nvd – Published: 2006-09-27 23:00 – Updated: 2024-08-07 19:32- n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/20154 | vdb-entryx_refsource_BID |
| http://www.osnews.com/story.php/15923/Review-FiWi… | x_refsource_MISC |
| http://secunia.com/advisories/22041 | third-party-advisoryx_refsource_SECUNIA |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20154"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/"
},
{
"name": "22041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22041"
},
{
"name": "20060921 FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0391.html"
},
{
"name": "fiwin-ss28s-default-account(29114)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20154"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/"
},
{
"name": "22041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22041"
},
{
"name": "20060921 FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0391.html"
},
{
"name": "fiwin-ss28s-default-account(29114)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20154"
},
{
"name": "http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/",
"refsource": "MISC",
"url": "http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/"
},
{
"name": "22041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22041"
},
{
"name": "20060921 FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0391.html"
},
{
"name": "fiwin-ss28s-default-account(29114)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5038",
"datePublished": "2006-09-27T23:00:00.000Z",
"dateReserved": "2006-09-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:32:22.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5038 (GCVE-0-2006-5038)
Vulnerability from cvelistv5 – Published: 2006-09-27 23:00 – Updated: 2024-08-07 19:32- n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/20154 | vdb-entryx_refsource_BID |
| http://www.osnews.com/story.php/15923/Review-FiWi… | x_refsource_MISC |
| http://secunia.com/advisories/22041 | third-party-advisoryx_refsource_SECUNIA |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20154"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/"
},
{
"name": "22041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22041"
},
{
"name": "20060921 FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0391.html"
},
{
"name": "fiwin-ss28s-default-account(29114)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20154"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/"
},
{
"name": "22041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22041"
},
{
"name": "20060921 FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0391.html"
},
{
"name": "fiwin-ss28s-default-account(29114)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20154"
},
{
"name": "http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/",
"refsource": "MISC",
"url": "http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/"
},
{
"name": "22041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22041"
},
{
"name": "20060921 FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0391.html"
},
{
"name": "fiwin-ss28s-default-account(29114)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5038",
"datePublished": "2006-09-27T23:00:00.000Z",
"dateReserved": "2006-09-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:32:22.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}