Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11067
HistoryJan 17, 2006 - 12:00 a.m.

[Full-disclosure] Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185

2006-01-1700:00:00
vulners.com
15
JSON

I disclosed the following issue at ShmooCon 2006
<http://www.shmoocon.org/&gt; during my "VoIP Wireless Phone Security
Analysis" presentation.

Thanks,
–scm

===============================================================

DATE:
16 January, 2006

VENDOR:
Senao

VENDOR NOTIFIED:
7 December, 2005

PRODUCT:
Senao SI-7800H VoIP 802.11b Wireless Phone
http://www.senao.com/english/product/product_wired_dsl_1.asp?pgtl=Wired&amp;tp1id=03&amp;tp2id=02&amp;proid=000188
Firmware Version: 0.03.0001
BSP Version: V 2_2_1/33

VULNERABILITY TITLE:
Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185

DETAILS, IMPACT AND WORKAROUND:
An undocumented open port, UDP/17185, VxWorks WDB remote debugging
(wdbrpc) is left in from development. This open port may allow an
attacker unauthenticated access to the phone's OS, yield sensitive
information, create opportunities for DoS, etc.

There appears to be no workaround to disabling this undocumented open port.

CONTACT INFORMATION:
Shawn Merdinger
[email protected]

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON