CVE Vulnerabilities

CVE-2007-3347

Published: Jun 22, 2007 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:C/A:N
RedHat/V2
RedHat/V3
Ubuntu

The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server’s IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.

Affected Software

Name Vendor Start Version End Version
Dph-540 D-link 1.00.03 1.00.03
Dph-540 D-link 1.00.14 1.00.14
Dph-541 D-link 1.00.03 1.00.03
Dph-541 D-link 1.00.14 1.00.14

References