CVE-2013-7382
VICIDIAL dialer <2.8-403a, 2.7, 2.7RC1 - Info Disclosure
Title source: llmDescription
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/29513
Scores
EPSS
0.0674
EPSS Percentile
91.3%
Details
CWE
CWE-255
Status
published
Products (2)
vicidial/vicidial
2.7 (2 CPE variants)
vicidial/vicidial
< 2.8
Published
May 17, 2014
Tracked Since
Feb 18, 2026