Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos

Full Disclosure: ZyXel P2000W (Version 2) VoIP wireless phone undocumented port UDP/9090

ZyXel P2000W (Version 2) VoIP wireless phone undocumented port UDP/9090

From: Shawn Merdinger <shawnmer_at_gmail.com>
Date: Mon, 16 Jan 2006 14:12:07 -0800

I disclosed the following issue at ShmooCon 2006
<http://www.shmoocon.org/> during my "VoIP Wireless Phone Security
Analysis" presentation.

Thanks,
--scm

===============================================================

DATE:
16 January, 2006

VENDOR NOTIFIED:
7 December, 2005

VENDOR:
Zyxel

PRODUCT:
ZyXel P2000W (Version 2) VoIP 802.11b Wireless Phone
http://www.zyxel.com/product/model.php?indexcate=1122437334&indexFlagvalue=1075687935
Firmware version: WV.00.02

VULNERABILITY TITLE:
Zyxel P2000W (Version 2) VoIP wireless phone undocumented port UDP/9090

DETAILS, IMPACT AND WORKAROUND:
The Zyxel P2000W (Version 2) VoIP wireless phone has an undocumented
port, UDP/9090, that provides an unauthenticated attacker information
about the phone, specifically the phone's MAC address and software
version. An attacker can use this vulnerabiltiy to easily identiy the
phone and software version. Also, the undocumented open port may
provide an avenue for DoS.

There appears to be no workaround for this issue as far as disabling the port.

CONTACT INFORMATION:
Shawn Merdinger
shawnmer_at_gmail.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Jan 16 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]