PT-2011-08: Multiple vulnerabilities in Dlink DPH 150SE/E/F1

Vulnerable platform

Dlink DPH 150s IP Phone
Firmware version: FRU1.7.291.130 and earlier

Link:
http://www.dlink.ru/ru/products/8/1352.html

Severity level

Severity level: High
Impact: Multiple
Access vector: Network exploitable

CVSS v2:
Base score: 9.7
Temporal score: 8.3
Vector: (AV:N/AC:L/Au:N/C:P/I:C/A:C/E:F/RL:U/RC:UC)

CVE: not assigned

Platform description

Dlink DPH 150SE/E/F1 is a desktop IP phone.

Vulnerability description

Positive Research Center has discovered multiple vulnerabilities in Dlink DPH 150SE/E/F1 IP phone.

1. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to obtain device configuration file with all the settings including administrator's password.
An attacker should set up a tftp/ftp server to receive configuration file to exploit the vulnerability.

2. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to upload configuration file to the device.

3. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to modify the message shown on the device LCD display.

4. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to reboot device, causing temporary/permanent denial of service.

How to fix

Update your software up to the latest version
Update link

Advisory status

24.06.2011 - Vendor is notified
27.06.2011 - Vendor gets vulnerability details
20.07.2011 - Vendor releases fixed version and details
22.07.2011 - Public disclosure

Credits

These vulnerabilities were detected by Alexander Zaitsev, Gleb Gritsai and Yuri Goltsev, Positive Research Center (Positive Technologies Company)

References

http://en.securitylab.ru/lab/PT-2011-08

Reports on the vulnerabilities previously discovered by Positive Research Center:

http://en.securitylab.ru/lab/
http://www.ptsecurity.com/advisory1.aspx