Published: 28/08/2007 Updated: 29/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The Thomson ST 2030 SIP phone with software 1.52.1 allows remote malicious users to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.

Vulnerable Product	Search on Vulmon	Subscribe to Product
thomson st 2030 sip phone 1

#!/usr/bin/perl #Vulneravility for Thomson 2030 firmware v1521 #It provokes a DoS in the device use IO::Socket::INET; die "Usage $0 <dst> <port> <username>" unless ($ARGV[2]); $socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1], Proto=>'udp', PeerAddr=>$ARGV[0]); $msg = "INVITE sip:$ARGV ...

source: wwwsecurityfocuscom/bid/25446/info Thomson SpeedTouch 2030 is prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP INVITE messages Exploiting this issue allows remote attackers to cause the device to stop responding, thus denying service to legitimate users This issue affects Thom ...

NVD-CWE-noinfo http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065433.html http://www.securityfocus.com/bid/25446 http://www.securitytracker.com/id?1018603 http://secunia.com/advisories/26587 http://securityreason.com/securityalert/3075 http://www.vupen.com/english/advisories/2007/2988 https://exchange.xforce.ibmcloud.com/vulnerabilities/36217 https://nvd.nist.gov https://www.exploit-db.com/exploits/4319/

CVE-2007-4553

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect