(0-Day) GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP ports and DoS

2006.10.15

Credit: Shawn Merdinger, Independent Security Researcher

Risk: Low

Local: Yes

Remote: Yes

CVE: CVE-2006-5231

CWE: N/A

Ogólna skala CVSS: 7.8/10

Znaczenie: 6.9/10

Łatwość wykorzystania: 10/10

Wymagany dostęp: Zdalny

Złożoność ataku: Niska

Autoryzacja: Nie wymagana

Wpływ na poufność: Brak

Wpływ na integralność: Brak

Wpływ na dostępność: Pełny

Title:  GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP
ports and DoS

Version: 1.1.0.5

Issues:

1.The phone has multiple undocumented open UDP ports, including 5062,
5064, 5066, 9876, 26789
2.Sending large amount of ascii data via NetCat to any open UDP port,
including UDP/5060, results in the phone either rebooting or placed in a
frozen state, possibly appearing normal (display maintains text, etc.),
except the phone will not be functional.

Credit:

Shawn Merdinger, Independent Security Researcher

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

(0-Day) GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP ports and DoS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.