Multiple VOIP Phones Aredfox PA168 Chipset Session Hijacking Vulnerability

Multiple VOIP Phones Aredfox PA168 Chipset Session Hijacking Vulnerability

Multiple VoIP phones using the Aredfox PA168 Chipset are prone to a session-hijacking vulnerability due to a design error.

An attacker can exploit this issue to gain administrative access to the embedded webserver running on the affected device. This may allow attackers to completely compromise affected devices.

VoIP phones using the Aredfox PA168 chipset with SIP Firmware V1.42 and 1.54 are vulnerable.