I disclosed the following issue at ShmooCon 2006 during my "VoIP Wireless Phone Security Analysis" presentation. Thanks, --scm =============================================================== DATE: 16 January, 2006 VENDOR: Senao VENDOR NOTIFIED: 7 December, 2005 PRODUCT: Senao SI-7800H VoIP 802.11b Wireless Phone http://www.senao.com/english/product/product_wired_dsl_1.asp?pgtl=Wired&tp1id=03&tp2id=02&proid=000188 Firmware Version: 0.03.0001 BSP Version: V 2_2_1/33 VULNERABILITY TITLE: Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185 DETAILS, IMPACT AND WORKAROUND: An undocumented open port, UDP/17185, VxWorks WDB remote debugging (wdbrpc) is left in from development. This open port may allow an attacker unauthenticated access to the phone's OS, yield sensitive information, create opportunities for DoS, etc. There appears to be no workaround to disabling this undocumented open port. CONTACT INFORMATION: Shawn Merdinger shawnmer@gmail.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/