lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed Nov 16 20:50:39 2005
From: shawnmer at gmail.com (Shawn Merdinger)
Subject: Zyxel P2000W (Version1) VoIP Wifi phone multiple
	vulnerabilties

I disclosed today the following vulnerabilities at the 32nd CSI
conference in Washington, D.C.
<https://www.cmpevents.com/CSI32/a.asp?option=G&V=3&id=406438>

Thanks,
Shawn Merdinger

===============================================================
VENDOR:
Zyxel

PRODUCT:
Zyxel P2000W Version 1 VOIP WIFI Phone
http://www.zyxel.com/product/P2000W.php

SOFTWARE VERSION:
Wj.00.10
Feb 05 2005

VENDOR NOTIFIED:
28 June, 2005

VENDOR RESPONSE:
None

A.  VULNERABILITY TITLE:
Zyxel P2000W v.1 VOIP WIFI Phone undocumented port UDP/9090

VULNERABILITY DETAILS, IMPACT AND WORKAROUND:
The Zyxel P2000W v.1 VOIP WIFI phone has an undocumented port,
UDP/9090, that provides an unauthenticated attacker information about
the phone, specifically the phone's MAC address and software version
is returned upon connection. An attacker can use this vulnerabiltiy to
easily identiy the phone and software version. Also, the undocumented
open port may provide an avenue for DoS. There appears to be no
workaround for this issue.

B.  VULNERABILITY TITLE:
Zyxel P2000W v.1 VOIP WIFI Phone uses hardcoded DNS servers

VULNERABILITY DETAILS, IMPACT AND WORKAROUND:
The Zyxel P2000W v.1 VOIP WIFI phone uses hardcoded DNS servers located
in Taiwan for the phone's DNS configuration.

Primary DNS IP is 168.95.1.1 resolving to dns.hinet.net
Secondary DNS IP is 139.175.55.244 resolving to dns.seed.net.tw

This configuration places every ZyXel phone using this software at
risk of unintentional DoS if the DNS servers in Taiwan become
unavailable.  If the DNS servers are compromised, all Zyxel phone
users worldwide are vulnerable to being redirected to malicious SIP
servers, etc. For a temporary workaround users can manually input the
IP address of a known, trusted DNS server via the keyboard at each
phone start when configured for DHCP or PPOE, however, this will not
persist once the phone is restarted.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ