Unrated severityNVD Advisory· Published Jan 26, 2007· Updated Jun 16, 2026

CVE-2007-0528

Description

The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Centrality Communications/Pa168 Chipset
cpe:2.3:h:centrality_communications:pa168_chipset:*:*:*:*:*:*:*:*
Range: <=firmware_1.54
Centrality Communications/PA168llm-create
Range: <=1.54

Patches

Vulnerability mechanics

References

www.procheckup.com/Vulner_PR0614.phpnvdVendor Advisory
osvdb.org/32966nvd
secunia.com/advisories/23919nvd
secunia.com/advisories/23936nvd
www.securityfocus.com/archive/1/457868/100/0/threadednvd
www.vupen.com/english/advisories/2007/0346nvd
www.exploit-db.com/exploits/3189nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000