CVE Vulnerability

CVE-2007-3347

The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.

7.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

Scope

References
Link Resource
http://www.sipera.com/index.php?action=resources,threat_advisory&tid=219& Patch
http://www.securityfocus.com/bid/24560
http://secunia.com/advisories/25803
http://www.vupen.com/english/advisories/2007/2320
https://exchange.xforce.ibmcloud.com/vulnerabilities/35063
Configurations

Configuration 1

cpe:2.3:h:d-link:dph-541:1.00.03:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dph-540:1.00.14:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dph-540:1.00.03:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dph-541:1.00.14:*:*:*:*:*:*:*
Information

Published : 2007-06-22 06:30

Updated : 2017-07-29 01:32

NVD link : CVE-2007-3347

Mitre link : CVE-2007-3347

Products Affected
No products.
CWE
NVD-CWE-Other