The Zyxel P2000W (Version 2) VoIP wireless phone has an undocumented port, UDP/9090, that provides an unauthenticated attacker information about the phone, specifically the phone's MAC address and software version.
c50f8663edc4a02df9008ab612700d7a5c0fdcf5a5d361aa36e8361634330c4c
DATE:
16 January, 2006
VENDOR NOTIFIED:
7 December, 2005
VENDOR:
Zyxel
PRODUCT:
ZyXel P2000W (Version 2) VoIP 802.11b Wireless Phone
https://www.zyxel.com/product/model.php?indexcate=1122437334&indexFlagvalue=1075687935
Firmware version: WV.00.02
VULNERABILITY TITLE:
Zyxel P2000W (Version 2) VoIP wireless phone undocumented port UDP/9090
DETAILS, IMPACT AND WORKAROUND:
The Zyxel P2000W (Version 2) VoIP wireless phone has an undocumented
port, UDP/9090, that provides an unauthenticated attacker information
about the phone, specifically the phone's MAC address and software
version. An attacker can use this vulnerabiltiy to easily identiy the
phone and software version. Also, the undocumented open port may
provide an avenue for DoS.
There appears to be no workaround for this issue as far as disabling the port.
CONTACT INFORMATION:
Shawn Merdinger
shawnmer@gmail.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed