[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linksys phone adapter denial of service


Tested on SPA-942 (1.0.1(7817)).
The web interface crash but the phone works and after a call the web interface works again.


J. Oquendo wrote:
orsino wrote:
There's a difference between being able to get onto a network (via wifi
maybe?) and getting physical access to a device.

For starters this is a VoIP device (Product Name: SPA-2102), but even if it weren't it makes no difference to me and in the security realm it shouldn't make a difference to anyone else either.

1) I don't have an open network and if you do and are on this list its either going to be a honeypot or for theft of information (bad guys roam this list too)

2) Think about how insanely stupid it would be to "go on a live network" then ping a VoIP device offline. What does this accomplish other then pure stupidity.

3) Where is the vendor contact information. Was this meant to be posted to Bugtrag or Fool Disclosure?

Michael Vergoz
BinarySEC SAS - Research & Development
mv@xxxxxxxxxxxxx - http://www.binarysec.com/
try { BinarySEC 2.4.0 } catch { webvirus } !