[Full-disclosure] Senao SI-680H VoIP Wifi phone undocumented open port
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Senao SI-680H VoIP Wifi phone undocumented open port
- From: Shawn Merdinger <shawnmer@xxxxxxxxx>
- Date: Wed, 16 Nov 2005 15:48:10 -0500
I disclosed today the following vulnerability at the 32nd CSI
conference in Washington, D.C.
<https://www.cmpevents.com/CSI32/a.asp?option=G&V=3&id=406438>
Thanks,
Shawn Merdinger
===============================================================
VENDOR:
Senao
VENDOR NOTIFIED:
28 June, 2005
VENDOR RESPONSE:
None
PRODUCT:
Senao SI-680H VOIP WIFI Phone
http://www.senao.com/english/product/product_wired_dsl_1.asp?tp1id=03&tp2id=02&proid=000186
SOFTWARE VERSION:
Current Firmware Version 0.03.0839
Current Firmware Date 2005.04.20
Current BSP Version V 2_2_1/37 Feb 11 2005,12:26:46d
Hardware version 1.7.0
A. VULNERABILITY TITLE:
Senao SI-680H VOIP WIFI phone undocumented open port UDP/17185
VULNERABILITY DETAILS, IMPACT AND WORKAROUND:
1. An undocumented open port, UDP/17185, VxWorks WDB remote debugging
(wdbrpc), is left in from development. This open port may allow an
attacker unauthenticated access to the phone's OS, perhaps yielding
sensitive information, creating opportunities for DoS, etc.
There appears to be no workaround for disabling this open port.
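Because the advisory reports no way to turn the port off on the phone itself, monitoring the voice network for UDP/17185 traffic is one way to see which devices are being reached on the debug agent and which actually answer. The following is an added example, not part of the original advisory; the flow-record format, the addresses and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

WDB_PORT = 17185  # UDP port of the VxWorks WDB agent (wdbrpc) named in the advisory

# Constructed sample flow records in a hypothetical format:
#   time proto src:port > dst:port bytes
SAMPLE_FLOWS = """\
2005-11-16T10:00:01 udp 10.20.0.15:5060 > 10.20.0.2:5060 512
2005-11-16T10:00:07 udp 10.9.8.7:40112 > 10.20.0.15:17185 44
2005-11-16T10:00:07 udp 10.20.0.15:17185 > 10.9.8.7:40112 120
2005-11-16T10:02:30 udp 10.9.8.7:40113 > 10.20.0.16:17185 44
2005-11-16T10:05:00 tcp 10.9.8.7:40200 > 10.20.0.15:17185 60
not a flow record
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<bytes>\d+)$"
)

def find_wdb_activity(text, allowed_debuggers=frozenset()):
    """Return {device_ip: {"peers": set, "answered": bool}} for UDP/17185 flows.

    allowed_debuggers: hosts expected to talk to the agent (assumed allowlist).
    """
    devices = defaultdict(lambda: {"peers": set(), "answered": False})
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m or m["proto"].lower() != "udp":
            continue  # skip malformed lines and non-UDP flows
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport == WDB_PORT and m["src"] not in allowed_debuggers:
            devices[m["dst"]]["peers"].add(m["src"])   # datagram sent to the agent
        elif sport == WDB_PORT and m["dst"] not in allowed_debuggers:
            devices[m["src"]]["peers"].add(m["dst"])   # datagram sent by the agent
            devices[m["src"]]["answered"] = True       # the debug port is live
    return dict(devices)

def triage(findings):
    """Order devices for follow-up: those whose agent answered come first."""
    return sorted(findings, key=lambda ip: (not findings[ip]["answered"], ip))

if __name__ == "__main__":
    found = find_wdb_activity(SAMPLE_FLOWS)
    for ip in triage(found):
        state = "answered" if found[ip]["answered"] else "contacted, no reply seen"
        print(f"{ip}: {state}; peers={sorted(found[ip]['peers'])}")
```

A device marked as answered has a reachable debug agent and is a candidate for isolation behind a filter that drops UDP/17185 at the network edge.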