Denial of Service Vulnerability in Linksys SPA941 VoIP Phone by Linksys
CVE-2007-2270

Currently unrated

Key Information:

Vendor: Linksys
Status: Spa941
Vendor: CVE Published:; 25 April 2007

Summary

The Linksys SPA941 VoIP Phone is susceptible to a denial of service attack whereby remote attackers can trigger a device reboot. This vulnerability exploits the inclusion of a specific 0377 (0xff) character in the From header, and potentially in other SIP INVITE request locations. When this character is processed, it can lead to the unavailability of the VoIP service, disrupting normal operations for users.

References

https://www.exploit-db.com/exploits/3791

exploitx_refsource_EXPLOIT-DB

http://lists.grok.org.uk/pipermail/full-disclosure/2007-A...

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/23619

vdb-entryx_refsource_BID

EPSS Score

40% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 25, 2007
Vulnerability Reserved
Apr 25, 2007