Because of this undocumented backdoor, an attacker with physical access to the phone desk can gain root access to the device and connect to the Telnet service with root access level,” Matthias deeg told HackerNewser. Is.
Specifically, the issue is related to a previously unknown feature in a shell script called check_mft.sh in the phone’s firmware that is designed to run at boot time.
“The check_mft.sh shell script placed in the /etc directory checks whether the * and # keys are pressed at the same time during boot” is what this researcher said.
“Then the phone sets its IP address to 10.30.102.[.].102 and runs a Telnet server, and subsequently it is possible to login to the Telnet server using the fixed root password.”
Successful use of this flaw can allow access to sensitive information and code execution (malicious code components). This vulnerability affects the 6800 and 6900 series SIP phones, except for the 6970 model.
Users of vulnerable models are advised to update the firmware to the latest version to eliminate the risk of a “privilege escalation” attack.
This is not the first time that such loopholes have been discovered in firmware related to telecom, in December 2021, penetration tests by the RedTeam team revealed two such bugs in the hardware related to Auerswal’s Voip service, which could be exploited if exploited. lead to gaining admin access on the device.
thehackernews.com