Lucene search

[email protected]CVE-2005-3725

HistoryNov 21, 2005 - 11:03 a.m.

CVE-2005-3725

2005-11-2111:03:00

[email protected]

web.nvd.nist.gov

zyxel

p2000w

voip

wifi

phone

wj.00.10

hardcoded dns

vulnerability

denial of service

dns hijacking

remote attack

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.1%

JSON

Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.

Affected configurations

NVD

Node

zyxelprestige_2000w_v.1voip_wi-fi_phoneMatchwj.00.10

CPENameOperatorVersion
zyxel:prestige_2000w_v.1voip_wi-fi_phonezyxel prestige 2000w v.1voip wi-fi phoneeqwj.00.10

CPE	Name	Operator	Version
zyxel:prestige_2000w_v.1voip_wi-fi_phone	zyxel prestige 2000w v.1voip wi-fi phone	eq	wj.00.10

References

marc.info/?l=full-disclosure&m=113217443126673&w=2

www.securityfocus.com/bid/15478

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for CVE-2005-3725

cvelist1 nvd1