Two backdoors detected in Auerswald VoIP System

The backdoors were detected during penetration testing by RedTeam Pentesting GmbH.

On December 20th, it was reported that a backdoor was found in the network of a US Federal Agency. Now, RedTeam Pentesting researchers have identified multiple backdoors in a commonly used VoIP (voice over internet protocol) appliance made by the German telecom hardware manufacturer Auerswald.

The backdoors were detected during penetration testing, and according to RedTeam Pentesting’s researchers, attackers can quickly obtain full administrative access to the devices.

Two Backdoors Found

In their technical analysis report published on Monday, RedTeam Pentesting researchers revealed that they discovered two backdoor passwords in the firmware of the COMpact 5500R PBX. One backdoor password was for the “solution user ‘Schandelah’,” and the other was used for the “optimum-privileged user ‘admin.’”

“It turns out that Schandelah is the name of a tiny village in northern Germany where Auerswald produces their devices,” the report read.

However, researchers noted that they could not identify any way to disable the backdoors. The vulnerability is tracked as CVE-2021-40859 and assigned a CVSS score of 9.8.

What is PBX?

For your information, PBX refers to

Read More: https://www.hackread.com/backdoors-detected-in-auerswald-voip-system/