Full Disclosure mailing list archives

Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185

From: Shawn Merdinger <shawnmer () gmail com>
Date: Mon, 16 Jan 2006 14:11:31 -0800

I disclosed the following issue at ShmooCon 2006
<http://www.shmoocon.org/> during my "VoIP Wireless Phone Security
Analysis" presentation.

Thanks,
--scm

===============================================================

DATE:
16 January, 2006

VENDOR:
Senao

VENDOR NOTIFIED:
7 December, 2005

PRODUCT:
Senao SI-7800H VoIP 802.11b Wireless Phone
http://www.senao.com/english/product/product_wired_dsl_1.asp?pgtl=Wired&tp1id=03&tp2id=02&proid=000188
Firmware Version: 0.03.0001
BSP Version: V 2_2_1/33

VULNERABILITY TITLE:
Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185

DETAILS, IMPACT AND WORKAROUND:
An undocumented open port, UDP/17185, VxWorks WDB remote debugging
(wdbrpc) is left in from development. This open port may allow an
attacker unauthenticated access to the phone's OS, yield sensitive
information, create opportunities for DoS, etc.

There appears to be no workaround to disabling this undocumented open port.

CONTACT INFORMATION:
Shawn Merdinger
shawnmer () gmail com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185 Shawn Merdinger (Jan 16)