Cisco ATA-186 HTTP Device Configuration Disclosure Vulnerability



source: http://www.securityfocus.com/bid/4711/info


The Cisco ATA-186 Analog Telephone Adapter is a hardware device designed to interface between analog telephones and Voice over IP (VoIP). It includes support for web based configuration.

Reportedly, HTTP requests consisting of a single character will cause the device to disclose sensitive configuration information, including the password to the administrative web interface.

curl -d a http://ata186.example.com/dev