Phone security related for GXP21xx serıes


#1

Dear All,
I’m doing a research on risks for our company. What are the risks and consequences of not changing the default passwords of phones’ web interface?

Thank you


#2

In the latter firmware, you are required to change it,

The risks are that the default passwords are just that, default, and like all default passwords, very easy to guess. As a result, anyone in the network can access a phone and change its setting at will which can render the phone inoperative or can set up call forwards such that the phone might call out to destinations that are undesirable and with costs.

Like all password protected devices. the intent is to provide access to those that have a legitimate need and to deny access to all others. There is no real difference between a password on a phone and a password on a computer. It is a protective feature and it is my opinion that there is no reason not to change the default to something else.


#3

Even worse: he can access via SSH and get all parameters from account.