Security consultant Paul Moore warns that many VoIP devices built by Cisco and Snom can be easily exploited with just a couple of lines of JavaScript. Moore says attackers can monitor or reroute all calls, activate microphones built into the device to listen to what’s being said locally, upload malicious firmware. Moore: “A default configuration is only. that a. client can configure that a client can restore device to a ‘default’ state, such a. competent installer needs to meet client’s. needs” Moore says he has shared related vulnerability details with Snom and Cisco, but so far has released no patches.”]
Source: https://www.cuinfosecurity.com/voip-phones-eavesdropping-alert-a-8869