[VoiceOps] New SPA2100/2102/1001 exploit in the wild?

David Thompson dthompson at esi-estech.com
Mon Oct 14 19:20:18 EDT 2013

Are you making certain that they aren't publically accessable w/default
user name password? Also check your device provisioning server and make
certain that indexing isn't enabled. Someone could be browsing through
your config files and lifting them from there but I think the
configuration files are all binary and not text readable.

David Thompson
Network Services Support Technician
(O) 858.357.8794
(F) 858-225-1882
(E) dthompson at esi-estech.com
(W) www.esi-estech.com

-----Original Message-----
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Ryan
Sent: Monday, October 14, 2013 4:09 PM
To: voiceops at voiceops.org
Subject: [VoiceOps] New SPA2100/2102/1001 exploit in the wild?

Hey all,
I am seeing my fraud-o-meter tick up as of yesterday and it all seems to
be driven by accounts attached to these devices. We have taken measures to
start locking this down but I am wondering if anyone out there is seeing

It looks like somehow legacy devices that have been deployed for 5+ years
are having accounts lifted out of them.

Does anyone have info on this exploit, or if you are seeing this as well
and want to compare notes feel free to ping me.

VoiceOps mailing list
VoiceOps at voiceops.org

More information about the VoiceOps mailing list