Zyxel P2000W UDP 9090 Remote Information Disclosure

2005-11-16T20:07:48
ID OSVDB:21292
Type osvdb
Reporter Shawn Merdinger()
Modified 2005-11-16T20:07:48

Description

Vulnerability Description

Zyxel P2000W VOIP WIFI phones contain a flaw that may lead to unauthorized information disclosure.  The issue is triggered when an attacker connects to an undocumented UDP port 9090, which will disclose the phones software version and MAC address information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Zyxel P2000W VOIP WIFI phones contain a flaw that may lead to unauthorized information disclosure.  The issue is triggered when an attacker connects to an undocumented UDP port 9090, which will disclose the phones software version and MAC address information resulting in a loss of confidentiality.

References:

Vendor URL: http://www.zyxel.com/product/P2000W.php Packet Storm: http://packetstormsecurity.org/0511-advisories/ZyxelVOIP.txt Other Advisory URL: http://www.securiteam.com/securitynews/6S00N0AELK.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0537.html ISS X-Force ID: 23092 CVE-2005-3724 Bugtraq ID: 15478