ID CVE-2007-3347
Summary The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
References
Vulnerable Configurations
  • cpe:2.3:h:d-link:dph-540:1.00.03:*:*:*:*:*:*:*
    cpe:2.3:h:d-link:dph-540:1.00.03:*:*:*:*:*:*:*
  • cpe:2.3:h:d-link:dph-540:1.00.14:*:*:*:*:*:*:*
    cpe:2.3:h:d-link:dph-540:1.00.14:*:*:*:*:*:*:*
  • cpe:2.3:h:d-link:dph-541:1.00.03:*:*:*:*:*:*:*
    cpe:2.3:h:d-link:dph-541:1.00.03:*:*:*:*:*:*:*
  • cpe:2.3:h:d-link:dph-541:1.00.14:*:*:*:*:*:*:*
    cpe:2.3:h:d-link:dph-541:1.00.14:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE COMPLETE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:C/A:N
refmap via4
bid 24560
misc http://www.sipera.com/index.php?action=resources,threat_advisory&tid=219&
secunia 25803
vupen ADV-2007-2320
xf dlink-wifi-sipinvite-spoofing(35063)
Last major update 29-07-2017 - 01:32
Published 22-06-2007 - 18:30
Last modified 29-07-2017 - 01:32
Back to Top