PT-2011-08: Multiple vulnerabilities in Dlink DPH 150SE/E/F1
Vulnerable platform
Dlink DPH 150s IP Phone
Firmware version: FRU1.7.291.130 and earlier
Link:
http://www.dlink.ru/ru/products/8/1352.html
Severity level
Severity level: High
Impact: Multiple
Access vector: Network exploitable
CVSS v2:
Base score: 9.7
Temporal score: 8.3
Vector: (AV:N/AC:L/Au:N/C:P/I:C/A:C/E:F/RL:U/RC:UC)
CVE: not assigned
Platform description
Dlink DPH 150SE/E/F1 is a desktop IP phone.
Vulnerability description
Positive Research Center has discovered multiple vulnerabilities in Dlink DPH 150SE/E/F1 IP phone.
1. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to obtain device configuration file with all the settings including administrator's password.
An attacker should set up a tftp/ftp server to receive configuration file to exploit the vulnerability.
2. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to upload configuration file to the device.
3. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to modify the message shown on the device LCD display.
4. A vulnerability exists in web management interface of Dlink DPH 150SE and allows an unauthenticated user to reboot device, causing temporary/permanent denial of service.
How to fix
Update your software up to the latest version
Update link
Advisory status
24.06.2011 - Vendor is notified
27.06.2011 - Vendor gets vulnerability details
20.07.2011 - Vendor releases fixed version and details
22.07.2011 - Public disclosure
Credits
These vulnerabilities were detected by Alexander Zaitsev, Gleb Gritsai and Yuri Goltsev, Positive Research Center (Positive Technologies Company)
References
http://en.securitylab.ru/lab/PT-2011-08
Reports on the vulnerabilities previously discovered by Positive Research Center:
http://en.securitylab.ru/lab/
http://www.ptsecurity.com/advisory1.aspx