CVE-2024-28066

CVSS 8.8 HIGH · EPSS 0.5% · CWE-1391 · CWE-259
In short

The Unify CP IP Phone firmware version 1.10.4.3 contains a hardcoded root password that cannot be changed, allowing anyone who discovers it to gain full administrative access to the device.

Technical detail

The firmware uses hardcoded credentials for root-level access (CWE-259), enabling unauthenticated or low-privileged attackers to obtain complete control over the phone via local or network access. This weak credential implementation (CWE-1391) bypasses normal authentication mechanisms and allows unauthorized system configuration, data access, and device manipulation.

Summary generated and translated by AI from the official description.
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
