header-logo
Suggest Exploit
vendor:
ATA-186
by:
SecurityFocus
8.8
CVSS
HIGH
Cisco ATA-186 Configuration Disclosure
200
CWE
Product Name: ATA-186
Affected Version From: All
Affected Version To: All
Patch Exists: YES
Related CWE: CVE-2002-0674
CPE: o:cisco:ata_186
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Cisco ATA-186 Configuration Disclosure

A vulnerability exists in the Cisco ATA-186 Analog Telephone Adapter which allows an attacker to gain access to sensitive configuration information, including the password to the administrative web interface. This is achieved by sending an HTTP request consisting of a single character to the device.

Mitigation:

Administrators should ensure that the Cisco ATA-186 is not accessible from untrusted networks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4711/info

The Cisco ATA-186 Analog Telephone Adapter is a hardware device designed to interface between analog telephones and Voice over IP (VoIP). It includes support for web based configuration.

Reportedly, HTTP requests consisting of a single character will cause the device to disclose sensitive configuration information, including the password to the administrative web interface.

curl -d a http://ata186.example.com/dev

Navigation

Suggest Exploit

Services By CQR