Vulnerability Description
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| D-Link | Dph-540 | 1.00.03 |
| D-Link | Dph-541 | 1.00.03 |
References
- http://secunia.com/advisories/25803
- http://www.securityfocus.com/bid/24560
- http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=219&
- http://www.vupen.com/english/advisories/2007/2320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35063
- http://secunia.com/advisories/25803
- http://www.securityfocus.com/bid/24560
- http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=219&
- http://www.vupen.com/english/advisories/2007/2320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35063
FAQ
What is CVE-2007-3347?
CVE-2007-3347 is a vulnerability with a CVSS score of 7.8 (HIGH). The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as d...
How severe is CVE-2007-3347?
CVE-2007-3347 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3347?
Check the references section above for vendor advisories and patch information. Affected products include: D-Link Dph-540, D-Link Dph-541.