CVE-2007-0528

Centrality Communications PA168 <1.54 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0528. PoCs published by Adrian _pagvac_ Pastor.

AI-analyzed exploit summary: This exploit targets a weak session management vulnerability in IP phones using the PA168 chipset, allowing an attacker to bypass authentication and retrieve sensitive information (e.g., passwords, SIP credentials) by repeatedly polling the admin settings page while a superuser session is active.

Description

The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).

Exploits (1)

exploitdb WORKING POC VERIFIED
by Adrian _pagvac_ Pastor · bash · remote · hardware
https://www.exploit-db.com/exploits/3189

Classification: Working Poc 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: IP Phones based on Centrality Communications/Aredfox PA168 chipset (e.g., ATCOM AT-320ED, SOYO G668)
No auth needed
Prerequisites: Network access to the target IP phone's web interface · Superuser session must be active on the target device
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23936
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0346
Vendor Advisory x_refsource_misc
http://www.procheckup.com/Vulner_PR0614.php
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457868/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23919
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/32966
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3189

Scores

EPSS 0.0435
EPSS Percentile 90.0%

Details

Status published
Products (1)
centrality_communications/pa168_chipset < firmware_1.54
Published Jan 26, 2007
Tracked Since Feb 18, 2026