Lucene search

[email protected]CVE-2007-3347

HistoryJun 22, 2007 - 6:30 p.m.

CVE-2007-3347

2007-06-2218:30:00

[email protected]

web.nvd.nist.gov

d-link

dph-540

dph-541

sip

invite

remote attackers

arbitrary communication

caller id

cve-2007-3347

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:C/A:N

6.8 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.3%

JSON

The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server’s IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.

Affected configurations

NVD

Node

d-linkdph-540Match1.00.03

d-linkdph-540Match1.00.14

d-linkdph-541Match1.00.03

d-linkdph-541Match1.00.14

CPENameOperatorVersion
d-link:dph-540d-link dph-540eq1.00.03
d-link:dph-540d-link dph-540eq1.00.14
d-link:dph-541d-link dph-541eq1.00.03
d-link:dph-541d-link dph-541eq1.00.14

CPE	Name	Operator	Version
d-link:dph-540	d-link dph-540	eq	1.00.03
d-link:dph-540	d-link dph-540	eq	1.00.14
d-link:dph-541	d-link dph-541	eq	1.00.03
d-link:dph-541	d-link dph-541	eq	1.00.14

References

secunia.com/advisories/25803

www.securityfocus.com/bid/24560

www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=219&

www.vupen.com/english/advisories/2007/2320

exchange.xforce.ibmcloud.com/vulnerabilities/35063

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:C/A:N

6.8 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.3%

JSON

Related for CVE-2007-3347

prion1 cvelist1 nvd1