CVE-2021-25681

HIGH

AdTran Personal Phone Mgr <10.8.1 - Info Disclosure

Title source: llm

Description

AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched

Exploits (1)

exploitdb WRITEUP

by 3ndG4me · textwebappshardware

https://www.exploit-db.com/exploits/49787

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://adtran.com

[Exploit, Third Party Advisory] https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25681.md

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/162280/Adtran-Personal-Phone-Manager-10.8.1-DNS-Exfiltration.html

Scores

CVSS v3 7.5

EPSS 0.1262

EPSS Percentile 94.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

adtran/personal_phone_manager 10.8.1

Published Apr 20, 2021

Tracked Since Feb 18, 2026