(0-Day) GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP ports and DoS

2006.10.15

Credit: Shawn Merdinger, Independent Security Researcher

Risk: Low

Local: Yes

Remote: Yes

CVE: CVE-2006-5231

CWE: N/A

CVSS Base Score: 7.8/10

Impact Subscore: 6.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Complete

Title: GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP
ports and DoS
Version: 1.1.0.5
Issues:
1.The phone has multiple undocumented open UDP ports, including 5062,
5064, 5066, 9876, 26789
2.Sending large amount of ascii data via NetCat to any open UDP port,
including UDP/5060, results in the phone either rebooting or placed in a
frozen state, possibly appearing normal (display maintains text, etc.),
except the phone will not be functional.
Credit:
Shawn Merdinger, Independent Security Researcher

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

(0-Day) GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP ports and DoS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.