here I’d like to add a exploit that I happened to discover during my exploration of telco networks.
There is a known exploit for “Sangoma SBC”, that allows you to login into the web config with an universal username of
And any password (it’s irrelevant).
You can read about it here:
You then have root access to the configuration and could change or crash the whole system.
What wasn’t mentioned in any of the articles I found, is the following:
If you go to to “Configuration” --> "Command execution"
You will be seeing this screen. If you click on the “Show Shell/NSG Commands” it lists some four or five commands. Normally you’d assume these are the commands you’re able/allowed to use.
However, when you type in and execute
then the output (it gives the results in html) is
And voila, you just have a root shell (although it’s a bit difficult to handle with the indirect html-output).
But you can send all commands and even access the juicy files and contents or set up a reverse shell.
Although I doubt that will be of use for anyone here, I thought I’d just let you know.
Just in case