Default Password (000000) for 'admin' on WIP5000 IP Phone

critical Nessus Plugin ID 34217

Synopsis

The remote IP phone has a default password set for the 'admin' user

Description

The remote host is a WIP5000 VOIP phone. The remote host has the default password set for the 'admin' user ('000000').

An attacker may connect to it and reconfigure it using this account.

Solution

Connect to this port with a web browser and set a strong password, or change the password from the handheld device directly.

Plugin Details

Severity: Critical

ID: 34217

File Name: wip5000_default_admin_password.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 9/16/2008

Updated: 8/7/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only