No fewer than 19 vulnerabilities were discovered in popular low-cost routers with tools for business users. These vulnerabilities would allow criminals to eavesdrop on conversations, initiate fraudulent phone calls, and even pivot further into the internal network.
The flaws were discovered by security researchers at Tenable Research, who claim that Cisco VoIP adapters from the SPA100 Series were vulnerable across the board. Exploiting these flaws would allow criminals to completely compromise the adapter’s web interface, as well as the underlying operating system.
Criminals would be able to steal credentials, create superusers (with maximum privileges) and execute arbitrary code. Tenable informed Cisco PSIRT of the 19 vulnerabilities, which are covered across 7 Cisco security advisories, and as a result, Cisco has addressed these flaws in its SPA 100 Series 1.4.1 SR5 firmware release.
The Cisco VoIP adapters from the SPA100 Series are Analogue Telephone Adapters, capable of connecting a landline phone to the VoIP network. The researchers say the devices have a “gigantic attack surface”, as they “speak a busload of network protocols”.
Using Shodan, the researchers identified a total of 3,662 potentially vulnerable devices (1,856 SPA112 devices and 1,806 SPA122 devices).
Those interested in learning more about the vulnerabilities should read the detailed Tenable Research blog post.