The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.
http://www.hitachi-cable.co.jp/ICSFiles/infosystem/security/76659792_e.pdf