[VoiceOps] New SPA2100/2102/1001 exploit in the wild?
dthompson at esi-estech.com
Mon Oct 14 19:20:18 EDT 2013
Are you making certain that they aren't publically accessable w/default
user name password? Also check your device provisioning server and make
certain that indexing isn't enabled. Someone could be browsing through
your config files and lifting them from there but I think the
configuration files are all binary and not text readable.
Network Services Support Technician
(E) dthompson at esi-estech.com
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Ryan
Sent: Monday, October 14, 2013 4:09 PM
To: voiceops at voiceops.org
Subject: [VoiceOps] New SPA2100/2102/1001 exploit in the wild?
I am seeing my fraud-o-meter tick up as of yesterday and it all seems to
be driven by accounts attached to these devices. We have taken measures to
start locking this down but I am wondering if anyone out there is seeing
It looks like somehow legacy devices that have been deployed for 5+ years
are having accounts lifted out of them.
Does anyone have info on this exploit, or if you are seeing this as well
and want to compare notes feel free to ping me.
VoiceOps mailing list
VoiceOps at voiceops.org
More information about the VoiceOps