Full Disclosure mailing list archives

Linksys WIP 330 VoIP wireless phone crash from Nmap scan

From: "Shawn Merdinger" <shawnmer () gmail com>
Date: Wed, 6 Dec 2006 10:40:19 -0800

Vulnerability Description
==================
The Linksys WIP 330 VoIP wireless phone will crash when a full
port-range Nmap scan is run against its IP address.


Linksys WIP 330 Firmware Version
==========================
1.00.06A


Nmap scan command
================
nmap -P0 <WIP 330 ip address> -p 1-65535


Impact
=====
The crash is only after Nmap has finished. The Nmap scan also seems to
disrupt updating of the display as the clock is not updated. The crash
appears related to PhoneCtl.exe running on the phone's Windows CE 4.2
operating system.

Screenshot of the crash: http://www.flickr.com/photos/metalmijn/295348294/


Credit
====
Credit for discovering this vulnerability goes to Armijn Hemel

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Linksys WIP 330 VoIP wireless phone crash from Nmap scan Shawn Merdinger (Dec 06)
- Re: Linksys WIP 330 VoIP wireless phone crash from Nmap scan Knud Erik Højgaard (Dec 06)
- Re: Linksys WIP 330 VoIP wireless phone crash from Nmap scan Knud Erik Højgaard (Dec 06)
  - Re: Linksys WIP 330 VoIP wireless phone crash from Nmap scan Shawn Merdinger (Dec 06)
- Re: Linksys WIP 330 VoIP wireless phone crash fromNmap scan pingywon (Dec 07)
  - Re: Linksys WIP 330 VoIP wireless phone crash fromNmap scan Shawn Merdinger (Dec 08)
    - Re: Linksys WIP 330 VoIP wireless phone crash fromNmap scan pingywon (Dec 08)
- Re: Linksys WIP 330 VoIP wireless phone crash from Nmap scan Collin R. Mulliner (Dec 09)
  - Re: Linksys WIP 330 VoIP wireless phone crash from Nmap scan Shawn Merdinger (Dec 09)