Vulnerabilities > CVE-2009-5140 - Improper Restriction of Excessive Authentication Attempts vulnerability in Linksys Spa2102 Firmware

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

linksys

CWE-307

NVD

Published: 2020-02-12

Updated: 2020-02-14

Summary

The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.

Vulnerable Configurations

Part	Description	Count
OS	Linksys Linksys Spa2102 Firmware -	1
Hardware	Linksys Linksys Spa2102 -	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Packetstorm

data source	https://packetstormsecurity.com/files/download/125965/phonerlite-disclose.txt
id	PACKETSTORM:125965
last seen	2016-12-05
published	2014-03-31
reporter	Jason Ostrom
source	https://packetstormsecurity.com/files/125965/PhonerLite-2.14-Digest-Information-Leak.html
title	PhonerLite 2.14 Digest Information Leak

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:85923
last seen	2017-11-19
modified	2014-07-01
published	2014-07-01
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-85923
title	PhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

Seebug

References