Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses

Cybersecurity researchers have disclosed details of two medium-severity flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices.

Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May 2022.

“Due to this undocumented backdoor, an attacker with physical access to a vulnerable desk phone can gain root access by pressing specific keys on system boot, and then connect to a provided Telnet service as root user,” SySS researcher Matthias Deeg said in a statement shared with The Hacker News.

Specifically, the issue relates to a previously unknown functionality present in a shell script (“check_mft.sh”) in the phones’ firmware that’s designed to be executed at system boot.

“The shell script ‘check_mft.sh,’ which is located in the directory ‘/etc’ on the phone, checks whether the keys ‘*’ and ‘#’ are pressed simultaneously during system startup,” the researchers said. “The phone then sets its IP address to ‘10.30.102[.]102’ and starts a Telnet server. A Telnet login can then be performed with a static root password.”

Successful exploitation of the flaws could allow access to sensitive information and code execution. The vulnerabilities impact 6800 and 6900 Series SIP phones, excluding the 6970 model.

Users of the affected models are advised to update to the latest firmware version to mitigate the risk of the privilege escalation flaws being exploited.
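Teams that review device firmware before deployment can search an unpacked root filesystem for the pattern described above: a boot-time script that assigns a fixed IP address and starts a Telnet server. The following Python example is added here and is not code from SySS or Mitel; the regex heuristics, file names and sample script contents are constructed assumptions, and only the IP address comes from the report.

```python
import os
import re
import tempfile

# Heuristic patterns (assumptions for this example; extend for your firmware).
TELNET_RE = re.compile(r"\b(?:in\.|u)?telnetd\b")
STATIC_IP_RE = re.compile(r"\bifconfig\s+\S+\s+((?:\d{1,3}\.){3}\d{1,3})\b")

def audit_script(text):
    """Report Telnet daemon starts and hard-coded IPs, ignoring full-line comments."""
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    return {"telnet": bool(TELNET_RE.search(body)), "static_ips": STATIC_IP_RE.findall(body)}

def audit_tree(root):
    """Walk an extracted firmware root; return findings keyed by relative path."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):  # firmware symlinks may resolve to host files
                continue
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(1 << 20)  # cap read size; scripts are small
            except OSError:
                continue
            if not (name.endswith(".sh") or text.startswith("#!")):
                continue  # only shell scripts are of interest
            finding = audit_script(text)
            if finding["telnet"]:
                # Telnet plus a fixed address matches the reported backdoor pattern.
                finding["severity"] = "high" if finding["static_ips"] else "review"
                hits[os.path.relpath(path, root)] = finding
    return hits

# Constructed sample tree; these are NOT the vendor's real script contents.
SAMPLE = {
    "etc/boot_check_example.sh": "#!/bin/sh\nifconfig eth0 10.30.102.102\ntelnetd &\n",
    "etc/disabled_example.sh": "#!/bin/sh\n# telnetd &\necho ok\n",
    "etc/motd": "telnetd is mentioned here, but this file is not a script\n",
}

def audit_sample():
    """Write SAMPLE into a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(content)
        return audit_tree(root)

if __name__ == "__main__":
    print(audit_sample())
```

A "review" finding (Telnet started without a fixed address) still deserves a manual look, since any boot-time Telnet service on a production phone image is unexpected.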

This is not the first time such backdoor features have been discovered in telecommunications-related firmware. In December 2021, RedTeam Pentesting revealed two such bugs in Auerswald’s VoIP appliances that could be abused to gain full administrative access to the devices.

