CVE-2021-25681

HIGH

AdTran Personal Phone Mgr <10.8.1 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-25681. PoCs published by 3ndG4me.

AI-analyzed exploit summary The exploit describes a DNS exfiltration vulnerability in AdTran Personal Phone Manager 10.8.1, allowing arbitrary data tunneling over DNS via crafted GET requests. The affected devices (NetVanta 7060 and 7100) are EOL and unpatched.

Description

AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched

Exploits (1)

exploitdb WRITEUP
by 3ndG4me · textwebappshardware
https://www.exploit-db.com/exploits/49787

The exploit describes a DNS exfiltration vulnerability in AdTran Personal Phone Manager 10.8.1, allowing arbitrary data tunneling over DNS via crafted GET requests. The affected devices (NetVanta 7060 and 7100) are EOL and unpatched.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: AdTran Personal Phone Manager v10.8.1
No auth needed
Prerequisites: Exposed AdTran Personal Phone Manager web server · Control over a DNS server to collect exfiltrated data
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.1342
EPSS Percentile 95.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (1)
adtran/personal_phone_manager 10.8.1
Published Apr 20, 2021
Tracked Since Feb 18, 2026