VAR-200601-0333
Vulnerability from variot - Updated: 2025-04-03 22:14
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks. ACT P202S VOIP WIFI Phone allows remote debugger connections and remote unauthenticated administrative access. Successful exploitation of these vulnerabilities could allow a remote attacker to obtain debugging information from the device or cause a denial of service. Other attacks are also possible. ACT P202S VOIP WIFI Phones running firmware version 1.01.21 are prone to these issues. Due to code reuse, other devices and versions may also be affected.
TITLE: ACT WLAN Phone P202S Multiple Security Issues
SECUNIA ADVISORY ID: SA18514
VERIFY ADVISORY: http://secunia.com/advisories/18514/
CRITICAL: Less critical
IMPACT: Unknown, Security Bypass, Exposure of system information, DoS
WHERE: From local network
OPERATING SYSTEM: ACT WLAN Phone P202S http://secunia.com/product/6843/
DESCRIPTION: Shawn Merdinger has reported some security issues in ACT WLAN Phone P202S, which can be exploited by malicious people to potentially disclose system information, potentially cause a DoS (Denial of Service), and bypass certain security restrictions.
2) An error caused due to the phone allowing connections to the echo service on port 7/tcp may be exploited to cause a DoS on other network devices.
3) An error caused due to the phone allowing connections to the rlogin service on port 513/tcp can be exploited to gain rlogin access to the phone without authentication.
It has also been reported that the phone has a hardcoded NTP server.
The security issues have been reported in version 1.01.21.
SOLUTION: Restrict use to within trusted networks only.
PROVIDED AND/OR DISCOVERED BY: Shawn Merdinger
ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.html
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200601-0333",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p202s",
"scope": "eq",
"trust": 1.6,
"vendor": "advantage century telecommunication",
"version": "1.01.21_firmware_1.1.21"
},
{
"model": "p202s",
"scope": "eq",
"trust": 0.8,
"vendor": "advantage century telecommunication",
"version": "1.01.21 firmware 1.1.21"
},
{
"model": "century telecommunication p202s voip wifi phone",
"scope": "eq",
"trust": 0.3,
"vendor": "advantage",
"version": "1.01.21"
}
],
"sources": [
{
"db": "BID",
"id": "16288"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003720"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-289"
},
{
"db": "NVD",
"id": "CVE-2006-0375"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:advantage_century_telecommunication:p202s",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003720"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Shawn Merdinger \u003cshawnmer@gmail.com\u003e.",
"sources": [
{
"db": "BID",
"id": "16288"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-289"
}
],
"trust": 0.9
},
"cve": "CVE-2006-0375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-0375",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-16483",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-0375",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2006-0375",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200601-289",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-16483",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16483"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003720"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-289"
},
{
"db": "NVD",
"id": "CVE-2006-0375"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks. ACT P202S VOIP WIFI Phone allows remote debugger connections and remote unauthenticated administrative access. Successful exploitation of these vulnerabilities could allow a remote attacker to obtain debugging information from the device or cause a denial of service. Other attacks are also possible. \nACT P202S VOIP WIFI Phones running firmware version 1.01.21 is prone to these issues. Due to code reuse, other devices and versions may also be affected. \n\nTITLE:\nACT WLAN Phone P202S Multiple Security Issues\n\nSECUNIA ADVISORY ID:\nSA18514\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18514/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nUnknown, Security Bypass, Exposure of system information, DoS\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nACT WLAN Phone P202S\nhttp://secunia.com/product/6843/\n\nDESCRIPTION:\nShawn Merdinger has reported some security issues in ACT WLAN Phone\nP202S, which can be exploited by malicious people to potentially\ndisclose system information, potentially cause a DoS (Denial of\nService), and bypass certain security restrictions. \n\n2) An error caused due to the phone allowing connections to the echo\nservice on port 7/tcp may be exploited to cause a DoS on other\nnetwork devices. \n\n3) An error caused due to the phone allowing connections to the\nrlogin service on port 513/tcp can be exploited to gain rlogin access\nto the phone without authentication. \n\nIt has also been reported that the phone has a hardcoded NTP server. \n\nThe security issues have been reported in version 1.01.21. \n\nSOLUTION:\nRestrict use to within trusted networks only. \n\nPROVIDED AND/OR DISCOVERED BY:\nShawn Merdinger\n\nORIGINAL ADVISORY:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0375"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003720"
},
{
"db": "BID",
"id": "16288"
},
{
"db": "VULHUB",
"id": "VHN-16483"
},
{
"db": "PACKETSTORM",
"id": "43164"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-0375",
"trust": 2.5
},
{
"db": "BID",
"id": "16288",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "18514",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003720",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200601-289",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20060116 ACT P202S VOIP WIRELESS PHONE MULTIPLE UNDOCUMENTED PORTS/SERVICES",
"trust": 0.6
},
{
"db": "XF",
"id": "24149",
"trust": 0.6
},
{
"db": "XF",
"id": "202",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-16483",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "43164",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16483"
},
{
"db": "BID",
"id": "16288"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003720"
},
{
"db": "PACKETSTORM",
"id": "43164"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-289"
},
{
"db": "NVD",
"id": "CVE-2006-0375"
}
]
},
"id": "VAR-200601-0333",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-16483"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:14:24.223000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-january/041434.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/16288"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18514"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24149"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0375"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0375"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/24149"
},
{
"trust": 0.3,
"url": "http://www.act-tel.com.tw/_pg/products/productitem.asp?productkey=54"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6843/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18514/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16483"
},
{
"db": "BID",
"id": "16288"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003720"
},
{
"db": "PACKETSTORM",
"id": "43164"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-289"
},
{
"db": "NVD",
"id": "CVE-2006-0375"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-16483"
},
{
"db": "BID",
"id": "16288"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003720"
},
{
"db": "PACKETSTORM",
"id": "43164"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-289"
},
{
"db": "NVD",
"id": "CVE-2006-0375"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-16483"
},
{
"date": "2006-01-17T00:00:00",
"db": "BID",
"id": "16288"
},
{
"date": "2013-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003720"
},
{
"date": "2006-01-19T02:04:53",
"db": "PACKETSTORM",
"id": "43164"
},
{
"date": "2006-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200601-289"
},
{
"date": "2006-01-22T20:03:00",
"db": "NVD",
"id": "CVE-2006-0375"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-16483"
},
{
"date": "2006-01-17T00:00:00",
"db": "BID",
"id": "16288"
},
{
"date": "2013-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003720"
},
{
"date": "2006-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200601-289"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-0375"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200601-289"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VxWorks Run on Advantage Century Telecommunication P202S IP Phone Vulnerabilities that provide incorrect time information in some firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003720"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "16288"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-289"
}
],
"trust": 0.9
}
}