[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185
From: Shawn Merdinger <shawnmer@xxxxxxxxx>
Date: Mon, 16 Jan 2006 14:11:31 -0800

I disclosed the following issue at ShmooCon 2006
<http://www.shmoocon.org/> during my "VoIP Wireless Phone Security
Analysis" presentation.

Thanks,
--scm

===============================================================

DATE:
16 January, 2006

VENDOR:
Senao

VENDOR NOTIFIED:
7 December, 2005

PRODUCT:
Senao SI-7800H VoIP 802.11b Wireless Phone
http://www.senao.com/english/product/product_wired_dsl_1.asp?pgtl=Wired&tp1id=03&tp2id=02&proid=000188
Firmware Version: 0.03.0001
BSP Version: V 2_2_1/33

VULNERABILITY TITLE:
Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185

DETAILS, IMPACT AND WORKAROUND:
An undocumented open port, UDP/17185, VxWorks WDB remote debugging
(wdbrpc) is left in from development. This open port may allow an
attacker unauthenticated access to the phone's OS, yield sensitive
information, create opportunities for DoS, etc.

There appears to be no workaround to disabling this undocumented open port.

CONTACT INFORMATION:
Shawn Merdinger
shawnmer@xxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] ACT P202S VoIP wireless phone multiple undocumented ports/services
Next by Date: [Full-disclosure] Clipcomm CPW-100E VoIP wireless handset phone open debug service TCP/60023
Previous by thread: [Full-disclosure] ACT P202S VoIP wireless phone multiple undocumented ports/services
Next by thread: [Full-disclosure] Clipcomm CPW-100E VoIP wireless handset phone open debug service TCP/60023
Index(es):
- Date
- Thread