Snom SIP phones suffer from a remote denial of service vulnerability.
a9dfc90dfa8c8f12d789e27b1c02092ea4dd4c2c8d05e6763b86969b623aaa28Snom SIP phones (www.snom.com) have a builtin HTTP/HTTPS configuration
interface, which is enabled by default.
By making a single HTTP POST request all available memory (and CPU) can be
exhausted, resulting in a reboot of the phone.
This even works if the HTTP/HTTPS interface is protected by username and
password (probably the credentials are checked a few more lines later when
the complete request has been received).
Affected models: MP, 3XX, 7XX, 8XX (i didnt have any of the other models to
test)
Affected firmwares: latest stable, latest beta (most likely some others too)
Workaround: Disable HTTP/HTTPS interface completely.
Poc:
dd if=/dev/zero bs=1M count=32 | curl http://IP_OF_PHONE
<http://ip_of_phone/> --data-binary @-
P.S. Just if you are wondering.... I did not notify the vendor about this.
Almost two years ago i reported multiple vulnerabilities directly to the
vendor (including the possibility to install arbitrary software on the
device), but not much has changed since then.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed