Description
The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.
References (3)
Core 3
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17628
Various Sources x_refsource_misc
http://www.hitachi-cable.co.jp/ICSFiles/infosystem/security/76659792_e.pdf
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=113217425618951&w=2
Scores
EPSS
0.0055
EPSS Percentile
68.2%
Details
Status
published
Products (7)
hitachi/ip5000_voip_wifi_phone
1.5.0
hitachi/ip5000_voip_wifi_phone
1.5.2
hitachi/ip5000_voip_wifi_phone
1.5.4
hitachi/ip5000_voip_wifi_phone
1.5.5
hitachi/ip5000_voip_wifi_phone
1.5.6
hitachi/ip5000_voip_wifi_phone
1.5.8
hitachi/ip5000_voip_wifi_phone
1.5.10
Published
Nov 21, 2005
Tracked Since
Feb 18, 2026