exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

Files from Moritz Abrell

First Active2022-06-20
Last Active2023-08-16
AudioCodes VoIP Phones Hardcoded Key
Posted Aug 16, 2023
Authored by Moritz Abrell | Site syss.de

The AudioCodes VoIP phones can be managed centrally, whereby configuration files are provided and requested by the phones at a central location. These configuration files can also be provided in encrypted form. This is intended to protect sensitive information within the configuration files from unauthorized access. Due to the use of a hardcoded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information. Firmware versions greater than or equal to 3.4.8.M4 are affected.

tags | exploit
advisories | CVE-2023-22956
SHA-256 | aa8123253e08b34d540bf926ba4a87654940b99a7e069721ef96a63db69bac95
AudioCodes VoIP Phones Hardcoded Key
Posted Aug 16, 2023
Authored by Moritz Abrell | Site syss.de

The AudioCodes VoIP phones store sensitive information, e.g. credentials and passwords, in encrypted form in their configuration files. These encrypted values can also be automatically configured, e.g. via the "One Voice Operation Center" or other central device management solutions. Due to the use of a hardcoded cryptographic key, an attacker with access to these configuration files is able to decrypt the encrypted values and retrieve sensitive information, e.g. the device root password. Firmware versions greater than or equal to 3.4.8.M4 are affected.

tags | exploit, root
advisories | CVE-2023-22957
SHA-256 | 29414b5c1036f3966c46308f74f15451f22b582e783e487f7aa45422c6dfd70f
AudioCodes VoIP Phones Insufficient Firmware Validation
Posted Aug 16, 2023
Authored by Matthias Deeg, Moritz Abrell | Site syss.de

AudioCodes VoIP Phones with firmware versions greater than or equal to 3.4.4.1000 have been found to have validation of firmware images that only consists of simple checksum checks for different firmware components.

tags | exploit
advisories | CVE-2023-22955
SHA-256 | 87f14d8fb3d841332987f94e0d0b781df7d013b6b805f919c5e4b88c417fe4f0
Mitel 6800/6900 Series SIP Phones Backdoor Access
Posted Jun 20, 2022
Authored by Moritz Abrell | Site syss.de

Mitel 6800/6900 Series SIP Phones excluding 6970 and Mitel 6900 Series IP (MiNet) Phones have a flow to spawn a telnet backdoor on the device with a static root password enabled. Affected versions include Rel 5.1 SP8 (5.1.0.8016) and earlier, Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165), and MiNet 1.8.0.12 and earlier.

tags | exploit, root
advisories | CVE-2022-29854, CVE-2022-29855
SHA-256 | f64facd6fb1f0b3cf63d9849292f052e8efccb8ebd488f773fe95e1a28e11171
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close