VAR-200609-0527

Vulnerability from variot - Updated: 2025-04-10 22:58

The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. FiWin SS28S is a wireless IP phone from Taiwan.

FiWin SS28S has a default configuration error when processing access verification. Remote attackers may use this vulnerability to gain unauthorized access to sensitive information.

FiWin SS28S opens the VxWorks Telnet port by default and uses a hard-coded username and password (1/1). This allows attackers to bypass authentication restrictions, run various debug commands, and obtain various sensitive information. An attacker can exploit this issue to bypass authentication and gain access to the device's administrative section. This could aid in further attacks.


Want to work within IT-Security?

Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.

Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/


TITLE: Fi Win WiFi Phone SS28S Debug Console Security Issue

SECUNIA ADVISORY ID: SA22041

VERIFY ADVISORY: http://secunia.com/advisories/22041/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE:

From local network

OPERATING SYSTEM: Fi Win WiFi Phone SS28S http://secunia.com/product/12156/

DESCRIPTION: Zachary McGrew has reported a security issue in FiWin SS28S, which can be exploited by malicious people to gain unauthorised access to the phone. This can be exploited to e.g. disclose password information or perform various actions resulting in the phone crashing.

SOLUTION: Use the product within trusted networks only.

Use another product.

PROVIDED AND/OR DISCOVERED BY: Zachary McGrew

ORIGINAL ADVISORY: http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/page1/


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0527",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ss28s wifi voip sip skype phone",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fiwin",
        "version": "2007-02-01"
      },
      {
        "model": "ss28s wifi voip sip skype phone",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fiwin",
        "version": "01_02_07"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "none",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "ss28s wifi voip sip skype phone",
        "version": "2007-02-01"
      },
      {
        "model": "ss28s wifi voip sip/skype phone 01 02 07",
        "scope": null,
        "trust": 0.3,
        "vendor": "fiwin",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7c4191-463f-11e9-8055-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2006-7318"
      },
      {
        "db": "BID",
        "id": "20154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-476"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5038"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:fiwin:ss28s_wifi_voip_sip_skype_phone",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001322"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Zachary McGrew",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-476"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-5038",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2006-5038",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "7d7c4191-463f-11e9-8055-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-5038",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-5038",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-476",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d7c4191-463f-11e9-8055-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7c4191-463f-11e9-8055-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-476"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5038"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. FiWin SS28S is a wireless IP phone from Taiwan. \n\n\u00a0FiWin SS28S has a default configuration error when processing access verification. Remote attackers may use this vulnerability to gain unauthorized access to sensitive information. \n\n\u00a0FiWin SS28S opens the VxWorks Telnet port by default and uses a hard-coded username and password (1/1). This allows attackers to bypass authentication restrictions, run various debug commands, and obtain various sensitive information. \nAn attacker can exploit this issue to bypass authentication and gain access to the device\u0027s administrative section. This could aid in further attacks. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nFi Win WiFi Phone SS28S Debug Console Security Issue\n\nSECUNIA ADVISORY ID:\nSA22041\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22041/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nFi Win WiFi Phone SS28S\nhttp://secunia.com/product/12156/\n\nDESCRIPTION:\nZachary McGrew has reported a security issue in FiWin SS28S, which\ncan be exploited by malicious people to gain unauthorised access to\nthe phone. \nThis can be exploited to e.g. disclose password information or perform\nvarious actions resulting in the phone crashing. \n\nSOLUTION:\nUse the product within trusted networks only. \n\nUse another product. \n\nPROVIDED AND/OR DISCOVERED BY:\nZachary McGrew\n\nORIGINAL ADVISORY:\nhttp://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/page1/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5038"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001322"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2006-7318"
      },
      {
        "db": "BID",
        "id": "20154"
      },
      {
        "db": "IVD",
        "id": "7d7c4191-463f-11e9-8055-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "PACKETSTORM",
        "id": "50407"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-5038",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "20154",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "22041",
        "trust": 1.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2006-7318",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-476",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001322",
        "trust": 0.8
      },
      {
        "db": "FULLDISC",
        "id": "20060921 FIWIN SS28S WIFI VOIP SIP/SKYPE PHONE HARDCODED TELNET USER/PASS AND DEBUG ACCESS",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "28",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "29114",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "7D7C4191-463F-11E9-8055-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "FA7C5AE8-2353-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "50407",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7c4191-463f-11e9-8055-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2006-7318"
      },
      {
        "db": "BID",
        "id": "20154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001322"
      },
      {
        "db": "PACKETSTORM",
        "id": "50407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-476"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5038"
      }
    ]
  },
  "id": "VAR-200609-0527",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d7c4191-463f-11e9-8055-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2006-7318"
      }
    ],
    "trust": 0.1
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7c4191-463f-11e9-8055-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2006-7318"
      }
    ]
  },
  "last_update_date": "2025-04-10T22:58:01.336000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.fiwin.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001322"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5038"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/20154"
      },
      {
        "trust": 1.6,
        "url": "http://www.osnews.com/story.php/15923/review-fiwin-ss28s-wifi-voip-sipskype-phone/"
      },
      {
        "trust": 1.6,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0391.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/22041"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29114"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5038"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5038"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/29114"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/22041/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/quality_assurance_analyst/"
      },
      {
        "trust": 0.1,
        "url": "http://www.osnews.com/story.php/15923/review-fiwin-ss28s-wifi-voip-sipskype-phone/page1/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12156/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/web_application_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001322"
      },
      {
        "db": "PACKETSTORM",
        "id": "50407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-476"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5038"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d7c4191-463f-11e9-8055-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2006-7318"
      },
      {
        "db": "BID",
        "id": "20154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001322"
      },
      {
        "db": "PACKETSTORM",
        "id": "50407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-476"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5038"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-22T00:00:00",
        "db": "IVD",
        "id": "7d7c4191-463f-11e9-8055-000c29342cb1"
      },
      {
        "date": "2006-09-22T00:00:00",
        "db": "IVD",
        "id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2006-09-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2006-7318"
      },
      {
        "date": "2006-09-22T00:00:00",
        "db": "BID",
        "id": "20154"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001322"
      },
      {
        "date": "2006-10-03T01:14:36",
        "db": "PACKETSTORM",
        "id": "50407"
      },
      {
        "date": "2006-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-476"
      },
      {
        "date": "2006-09-27T23:07:00",
        "db": "NVD",
        "id": "CVE-2006-5038"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2006-7318"
      },
      {
        "date": "2006-09-22T23:06:00",
        "db": "BID",
        "id": "20154"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001322"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-476"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2006-5038"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-476"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FiWin SS28S WiFi VoIP SIP/Skype Phone default built-in account vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7d7c4191-463f-11e9-8055-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-476"
      }
    ],
    "trust": 1.0
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access verification error",
    "sources": [
      {
        "db": "IVD",
        "id": "7d7c4191-463f-11e9-8055-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-476"
      }
    ],
    "trust": 1.0
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…