Description
The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Patrick Michael Kane · textremotehardware
https://www.exploit-db.com/exploits/21441
References (6)
Core 6
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4711
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9056.php
Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9057.php
Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4712
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-05/0083.html
Scores
EPSS
0.0545
EPSS Percentile
90.3%
Details
Status
published
Products (1)
cisco/ata-186
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026