Wednesday, August 9, 2017

Mitel 3300 phone systems with telnet port open!!!

I went to shodan.io and searched for "SX-2000 port:23"

Some Mitel phone systems are exposed to the Internet with telnet open. The default password has probably been changed, so you cannot log in over HTTPS, but telnet is still available with a default login.

WARNING

If you change the system login, this does not change the telnet login.

Someone could access these systems and view all programming.

Update: You can use maintenance commands like "busy extension 1234" to busy out an extension. The phone is then unusable.

Port 1752 is also available to view SMDR call records.

Don't connect Mitel systems directly to the Internet!
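To check whether your own system is being reached on the two ports mentioned above, the following added example (not part of the original post) scans firewall log lines for untrusted sources connecting to the PBX on port 23 or 1752. The log lines are constructed, simplified iptables LOG-style samples; the PBX address `192.0.2.10` and the trusted network `10.0.0.0/8` are assumptions.

```python
import ipaddress
import re

# Ports named in the post: 23 (telnet login) and 1752 (SMDR call records).
MITEL_PORTS = {23: "telnet", 1752: "SMDR"}
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample: simplified iptables LOG-style lines, documentation addresses.
SAMPLE_LOG = """\
Aug  9 10:01:02 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40112 DPT=23 SYN
Aug  9 10:01:05 fw kernel: IN=eth1 OUT=eth1 SRC=10.0.0.15 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51000 DPT=23 SYN
Aug  9 10:02:11 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40500 DPT=1752 SYN
Aug  9 10:03:00 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40501 DPT=443 SYN
Aug  9 10:04:00 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.99 LEN=60 PROTO=TCP SPT=40113 DPT=23 SYN
"""


def external_hits(log_text, pbx_ip, trusted_nets):
    """Return (source, port, service) for untrusted TCP traffic to the PBX."""
    pbx = ipaddress.ip_address(pbx_ip)
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or "SRC" not in f or "DST" not in f:
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
            port = int(f.get("DPT", ""))
        except ValueError:
            continue  # skip malformed lines rather than abort the scan
        if dst != pbx or port not in MITEL_PORTS:
            continue  # other host, or a port the post does not mention
        if any(src in net for net in trusted):
            continue  # management traffic from an allowed network
        hits.append((str(src), port, MITEL_PORTS[port]))
    return hits


if __name__ == "__main__":
    # Assumed values: PBX at 192.0.2.10, only 10.0.0.0/8 is trusted.
    for src, port, svc in external_hits(SAMPLE_LOG, "192.0.2.10", ["10.0.0.0/8"]):
        print(f"ALERT {src} -> PBX {svc} port {port}")
```

Any hit means the telnet or SMDR port is reachable from outside the trusted network and should be blocked at the firewall.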
