CVE-2006-6411 - PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows remote attackers to cause a den

CVE-2006-6411

Summary

PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows remote attackers to cause a denial of service (crash) via a TCP SYN scan, as demonstrated using TCP ports 1-65535 with nmap.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051140.html
http://secunia.com/advisories/23256
http://securityreason.com/securityalert/2009
http://www.securityfocus.com/archive/1/453754/100/0/threaded
http://www.securityfocus.com/bid/21475
http://www.vupen.com/english/advisories/2006/4894
https://exchange.xforce.ibmcloud.com/vulnerabilities/30771

Vulnerable Configurations

cpe:2.3:h:linksys:wip_330_wireless-g_ip_phone:1.0.6_a:*:*:*:*:*:*:*
cpe:2.3:h:linksys:wip_330_wireless-g_ip_phone:1.0.6_a:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 17-10-2018 - 21:48)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	21475
bugtraq	20061207 Linksys WIP 330 VoIP wireless phone crash from Nmap scan
fulldisc	20061206 Linksys WIP 330 VoIP wireless phone crash from Nmap scan
secunia	23256
sreason	2009
vupen	ADV-2006-4894
xf	linksys-wip330-phonectrl-dos(30771)

Last major update

17-10-2018 - 21:48

Published

10-12-2006 - 02:28

Last modified

17-10-2018 - 21:48