Snom 320 VoIP phones have no authentication whatsoever. Attackers can make calls, receive calls, play recordings, upload new firmware and use the device for covert surveillance. Many manufacturers provide a default set of credentials even if they’re usually “admin/admin”, thus equally insecure. If you must supply devices with “default” credentials, disable all other functionality until a suitably-secure password is set to replace it. Professor Alan Woodward of Surrey University has published an article entitled “Are you only using your VOIP phone?””]
Source: https://paul.reviews/pwnphone-default-passwords-allow-covert-surveillance/

