PT-2011-08: Multiple vulnerabilities in Dlink DPH 150SE/E/F1 Vulnerable platformDlink DPH 150s IP Phone Firmware version: FRU1.7.291.130 and earlierLink: http://www.dlink.ru/ru/products/8/1352.html Severity levelSeverity level: High Impact: Multiple Access vector: Network exploitable CVSS v2: Base score: 9.7 Temporal score: 8.3 Vector: (AV:N/AC:L/Au:N/C:P/I:C/A:C/E:F/RL:U/RC:UC)CVE: not assignedPlatform descriptionDlink DPH 150SE/E/F1 is a desktop IP phone. Vulnerability descriptionPositive Research Center has discovered multiple vulnerabilities in Dlink DPH 150SE/E/F1 IP phone.1. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to obtain device configuration file with all the settings including administrator's password. An attacker should set up a tftp/ftp server to receive configuration file to exploit the vulnerability.2. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to upload configuration file to the device. 3. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to modify the message shown on the device LCD display. 4. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to reboot device, causing temporary/permanent denial of service. How to fixUpdate your software up to the latest version Update linkAdvisory status24.06.2011 - Vendor is notified 27.06.2011 - Vendor gets vulnerability details 20.07.2011 - Vendor releases fixed version and details 22.07.2011 - Public disclosureCreditsThese vulnerabilities were detected by Alexander Zaitsev, Gleb Gritsai and Yuri Goltsev, Positive Research Center (Positive Technologies Company) Referenceshttp://en.securitylab.ru/lab/PT-2011-08Reports on the vulnerabilities previously discovered by Positive Research Center:http://en.securitylab.ru/lab/ http://www.ptsecurity.com/advisory1.aspx