Enjoy the 4-minute walkthrough. Sent the vendor a quick email, but alas it fell on deaf ears. *shrugs* If you have to ask what you can do against this in a test environment, I suggest you read the PTES and OSSTMM documentation over and over again. Title explained the gist of it though.
I imagine that because you already are the admin, you knew the profile, and all the other data sent when you authenticate as admin.
I hope that they’ll fix it as soon as possible, but even if they provide a firmware upgrade, some users very rarely update their VoIP devices. For them they are Black Box devices they don’t touch. I saw some SLAs where the vendor said that if the customer touches the device, the warranty will be void. Probably a temporary bandage will be to put them in a separate VLAN, but this is tricky and, if not properly done, will create a false sense of protection.