Trustwave Locates New VOIP Device Backdoor
Meanwhile, in the Infosecurity.US What-Could-Possibly-Go-Wrong Department, comes this El Reg news item detailing a report, published by researchers at Trustwave, of an undocumented backdoor account in DBLTek GoIP products. The kicker, you ask? DBLTek has so far failed to remediate the issue, and has left the 'door' swinging on its creaky hinges... Oops.
"Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of numerous DblTek branded devices. The issue permits a remote attacker to gain a shell with root privileges on the affected device due to a vendor backdoor in the authentication procedure." - via the published Trustwave Report