Researchers at Trustwave are warning of a hidden backdoor in VoIP devices produced by Chinese manufacturer DBL Technology which could allow access by the manufacturer or malicious third parties.
The issue is with the authentication process, allowing a remote attacker to gain a shell with root privileges on an affected device, Trustwave researcher Neil Kettle explained in a blog post....
The issue was first spotted by Trustwave in an 8 port VoIP GSM Gateway from the company. However, it’s since been discovered present in GoIP 1, 4, 8, 16 and 32 and could affect many more DBL Technology devices and OEM kit.
More worryingly, when contacted last October, the firm did not (fully) fix the issue.
https://www.infosecurity-magazine.com/news/chinese-voip-kit-contains-backdoor/
Additional coverage from Bleeping Computer:
https://www.bleepingcomputer.com/news/security/hidden-backdoor-found-in-chinese-made-equipment-nothing-new-move-along/
↧
