Vulnerabilities > CVE-2007-4498 - Remote Denial of Service vulnerability in Grandstream SIP Phone Gxv3000
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
COMPLETE Summary
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 3 |
Exploit-Db
| description | Grandstream GXV-3000 Phone Remote Denial of Service Vulnerability. CVE-2007-4498. Dos exploit for hardware platform |
| id | EDB-ID:30517 |
| last seen | 2016-02-03 |
| modified | 2007-08-22 |
| published | 2007-08-22 |
| reporter | MADYNES |
| source | https://www.exploit-db.com/download/30517/ |
| title | Grandstream GXV-3000 Phone Remote Denial of Service Vulnerability |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065417.html
- http://osvdb.org/40185
- http://secunia.com/advisories/26568
- http://securityreason.com/securityalert/3059
- http://www.securityfocus.com/bid/25399
- http://www.securitytracker.com/id?1018598
- http://www.vupen.com/english/advisories/2007/2970
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36170