15 matches found
EUVD-2005-3721
Malware in sbrugna...
EUVD-2006-0309
Malware in sbrugna...
EUVD-2005-3722
Malware in sbrugna...
Hawking Technology wireless router WR254-CA DNS issue
Hi, I have discovered a security issue with Hawking Technology wireless router, model WR254-CA. Since they are still available on the market so I think it will be good to warn the community. This router contains a DNS address 139.175.55.244 hardcoded in the firmware. At least when used in DHCP...
CVE-2006-0302
CVE-2006-0302 affects ZyXel P2000W VoIP 802.11b Wireless Phone with firmware WV.00.02. The issue exposes partial information disclosure by allowing remote access to sensitive data (MAC address and software version) via UDP port 9090. The provided documents do not specify the exact root cause beyo...
ZyXel P2000W wireless VoIP phone information leak
Undocumented TCP/9090 leaks information on phone configuration...
[Full-disclosure] ZyXel P2000W (Version 2) VoIP wireless phone undocumented port UDP/9090
I disclosed the following issue at ShmooCon 2006 http://www.shmoocon.org/ during my "VoIP Wireless Phone Security Analysis" presentation. Thanks, --scm =============================================================== DATE: 16 January, 2006 VENDOR NOTIFIED: 7 December, 2005 VENDOR: Zyxel PRODUCT:...
CVE-2005-3725
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent...
CVE-2005-3724
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication...
CVE-2005-3724
The CVE-2005-3724 entry concerns Zyxel P2000W Version 1 VOIP/WiFi Phone (firmware Wj.00.10). The vulnerability allows remote attackers to obtain sensitive information and potentially cause a denial of service by connecting to an undocumented UDP port 9090 without authentication. The sources provi...
CVE-2005-3724
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication...
CVE-2005-3725
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers. This can let remote attackers cause a denial of service or hijack Zyxel phones by attacking or spoofing those hardcoded DNS servers. The issue is described in CVE-2005-3725; exploitation details are n...
CVE-2005-3725
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent...
Multiple Zyxel P2000W wirieless Wi-Fi VoIP phones vulnerabilities
Information leak, external DNS servers access...
[Full-disclosure] Zyxel P2000W (Version1) VoIP Wifi phone multiple vulnerabilties
I disclosed today the following vulnerabilities at the 32nd CSI conference in Washington, D.C. https://www.cmpevents.com/CSI32/a.asp?option=G&V=3&id=406438 Thanks, Shawn Merdinger =============================================================== VENDOR: Zyxel PRODUCT: Zyxel P2000W Version 1 VOIP WI...