Vulnerabilities > CVE-2007-1590 - Remote Denial of Service vulnerability in Grandstream Budgetone 200 1.1.1.14/1.1.1.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 2 |
Exploit-Db
| description | Grandstream Budge Tone-200 IP Phone (Digest domain) DoS Exploit. CVE-2007-1590. Dos exploit for hardware platform |
| id | EDB-ID:3535 |
| last seen | 2016-01-31 |
| modified | 2007-03-21 |
| published | 2007-03-21 |
| reporter | MADYNES |
| source | https://www.exploit-db.com/download/3535/ |
| title | Grandstream Budge Tone-200 IP Phone Digest domain DoS Exploit |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053099.html
- http://osvdb.org/34347
- http://secunia.com/advisories/24538
- http://www.securityfocus.com/bid/23075
- http://www.securitytracker.com/id?1017804
- http://www.vupen.com/english/advisories/2007/1054
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33108