CVE-2007-0528

Centrality Communications PA168 <1.54 - Info Disclosure

Title source: llm

Description

The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).

Exploits (1)

exploitdb WORKING POC VERIFIED

by Adrian _pagvac_ Pastor · bashremotehardware

https://www.exploit-db.com/exploits/3189

View Code ZIP pw:eip

References (7)

[Third Party Advisory, VDB Entry] http://osvdb.org/32966

[Vendor Advisory] http://www.procheckup.com/Vulner_PR0614.php

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/457868/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3189

[Third Party Advisory] http://secunia.com/advisories/23919

[Third Party Advisory] http://secunia.com/advisories/23936

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/0346

Scores

EPSS 0.1501

EPSS Percentile 94.6%

Details

Status published

Products (1)

centrality_communications/pa168_chipset < firmware_1.54

Published Jan 26, 2007

Tracked Since Feb 18, 2026