Polycom KIRK Wireless Server 6000 Multiple Vulnerabilities

Polycom KIRK Wireless Server 6000 (Shodan search) contains a couple of flaws. I tested the following firmware – PCS13A_ Build 40450 and PCS05B_ 25258.

#1 Default Admin Credentials

According to the manual the web interface has default credentials.

The default user name of the system is admin and the default password of the system is ip6000. It is strongly recommended to change the password, refer to “Changing System User Name and Password” on page 15-2.

#2 Default HTTP Transport

By default the device uses HTTP, so all traffic, including the admin credentials, is transmitted in cleartext:

[Image: kirk-01]
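A way to spot both issues from a passive capture of the management network, as an added example that is not part of the original post: it flags plaintext HTTP requests that carry credentials and marks the ones still using the manual's defaults. It assumes the web interface uses HTTP Basic authentication, which the post does not state; the requests and addresses are constructed samples.

```python
import base64

# Default web-interface credentials as quoted from the manual above.
DEFAULT_CREDS = ("admin", "ip6000")

def basic(user, password):
    """Build a Basic Authorization value (used only for the constructed samples)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample requests, as a monitor on the management VLAN might record them.
SAMPLES = [
    f"GET / HTTP/1.1\r\nHost: 192.0.2.10\r\nAuthorization: {basic('admin', 'ip6000')}\r\n\r\n",
    f"GET / HTTP/1.1\r\nHost: 192.0.2.11\r\nauthorization: {basic('admin', 'constructed-changed-pw')}\r\n\r\n",
    "GET /logo.png HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: 192.0.2.12\r\nAuthorization: Basic !!notbase64!!\r\n\r\n",
]

def audit_request(raw):
    """Return a finding for one plaintext HTTP request, or None if it has no Basic credentials."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    finding = {"host": headers.get("host", "?"), "user": None}
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:                            # bad base64 or bad UTF-8
        finding["finding"] = "malformed-basic-token"
        return finding
    user, _, password = decoded.partition(":")
    finding["user"] = user                        # the password is never stored or printed
    if (user, password) == DEFAULT_CREDS:
        finding["finding"] = "default-credentials-in-cleartext"
    else:
        finding["finding"] = "credentials-in-cleartext"
    return finding

def audit(requests):
    """Audit a list of raw requests and keep only the ones that produced a finding."""
    return [f for f in map(audit_request, requests) if f]

if __name__ == "__main__":
    for f in audit(SAMPLES):
        print(f)
```

Any finding means the interface is still reachable over HTTP; the default-credentials finding means the password change recommended by the manual has not been made either.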
