CVE-2007-3347 - The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP

CVE-2007-3347

Summary

The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.

References

Vulnerable Configurations

cpe:2.3:h:d-link:dph-540:1.00.03:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dph-540:1.00.03:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dph-540:1.00.14:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dph-540:1.00.14:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dph-541:1.00.03:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dph-541:1.00.03:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dph-541:1.00.14:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dph-541:1.00.14:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	COMPLETE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:C/A:N

refmap via4

bid	24560
misc	http://www.sipera.com/index.php?action=resources,threat_advisory&tid=219&
secunia	25803
vupen	ADV-2007-2320
xf	dlink-wifi-sipinvite-spoofing(35063)

Last major update

29-07-2017 - 01:32

Published

22-06-2007 - 18:30

Last modified

29-07-2017 - 01:32