Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185
From: Shawn Merdinger <shawnmer () gmail com>
Date: Mon, 16 Jan 2006 14:11:31 -0800
I disclosed the following issue at ShmooCon 2006
<http://www.shmoocon.org/> during my "VoIP Wireless Phone Security
Analysis" presentation.

Thanks,
--scm

===============================================================

DATE:
16 January, 2006

VENDOR:
Senao

VENDOR NOTIFIED:
7 December, 2005

PRODUCT:
Senao SI-7800H VoIP 802.11b Wireless Phone
http://www.senao.com/english/product/product_wired_dsl_1.asp?pgtl=Wired&tp1id=03&tp2id=02&proid=000188
Firmware Version: 0.03.0001
BSP Version: V 2_2_1/33

VULNERABILITY TITLE:
Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185

DETAILS, IMPACT AND WORKAROUND:
An undocumented open port, UDP/17185, VxWorks WDB remote debugging
(wdbrpc) is left in from development. This open port may allow an
attacker unauthenticated access to the phone's OS, yield sensitive
information, create opportunities for DoS, etc.

There appears to be no workaround to disabling this undocumented open port.

CONTACT INFORMATION:
Shawn Merdinger
shawnmer () gmail com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185 Shawn Merdinger (Jan 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]