+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: General topics (/forumdisplay.php?fid=15)
+--- Thread: SECURIY ISSUE: VC400 being brute forced and dont stop calling (/showthread.php?tid=42360)
SECURIY ISSUE: VC400 being brute forced and dont stop calling - HenriqueMachado - 01-04-2019 11:53 AM
Hello! Henrique from Brazil
Today my VC400 started receiving calls one after the other. When I look who is calling it show like SQL Injection codes:
admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
1' or '1' = '1
') or '1'='1--
') or ('1'='1--
What can I do? Is there a way to protect my VC400 from these scanners? Like a password before calling or something like that?
Thanks
RE: SECURIY ISSUE: VC400 being brute forced and dont stop calling - complex1 - 01-04-2019 01:02 PM
(01-04-2019 11:53 AM)HenriqueMachado Wrote: Hello! Henrique from Brazil
Today my VC400 started receiving calls one after the other. When I look who is calling it show like SQL Injection codes:
admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
1' or '1' = '1
') or '1'='1--
') or ('1'='1--
What can I do? Is there a way to protect my VC400 from these scanners? Like a password before calling or something like that?
Thanks
Hi Henrique,
May I suggest to do next steps?
- Disconnect the VC400 from your LAN.
- Check your router firewall configuration if the right ports are set.
- Reset VC400 Codec to factory default.
Using tiny objects (for example, the paper clip) to press and hold the reset button for 15 seconds until the screen turns black.
- Change User password into a strong password (>16 char) or disable the user mode
- Change Admin password into a strong password (>16 char)
- Connect the VC400 to your LAN
- (Re)configure the device and check again.
Hope this will help.