CVE-2007-3347
First published: Fri Jun 22 2007(Updated: )
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-link Dph-541 | =1.00.03 | |
| D-Link DPH-540 | =1.00.14 | |
| D-Link DPH-540 | =1.00.03 | |
| D-link Dph-541 | =1.00.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.sipera.com/index.php?action=resources,threat_advisory&tid=219&
- http://www.securityfocus.com/bid/24560
- http://secunia.com/advisories/25803
- http://www.vupen.com/english/advisories/2007/2320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35063
- http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=219&
- collector/nvd-historical
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/d-link
- canonical/d-link dph-541
- version/d-link dph-541/1.00.03
- canonical/d-link dph-540
- version/d-link dph-540/1.00.14
- version/d-link dph-540/1.00.03
- version/d-link dph-541/1.00.14