Details of VAR-190001-0476

ID

VAR-190001-0476

TITLE

Dlink DPH 150SE/E/F1 IP Phones Device Restart Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2011-2878

DESCRIPTION

Dlink DPH is an IP telephony solution. A security vulnerability exists in the web management interface of Dlink DPH 150SE, which allows unauthenticated users to obtain profile information including the administrator password. Dlink DPH IP phones are prone to multiple remote vulnerabilities. The following devices are affected: Dlink DPH 150SE Dlink DPH 150E Dlink DPH 150F1

Trust: 2.43

sources: CNVD: CNVD-2011-2878 // CNVD: CNVD-2011-2874 // CNVD: CNVD-2011-2875 // CNVD: CNVD-2011-2876 // BID: 48894

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 2.4

sources: CNVD: CNVD-2011-2878 // CNVD: CNVD-2011-2874 // CNVD: CNVD-2011-2875 // CNVD: CNVD-2011-2876

AFFECTED PRODUCTS

vendor:	dlink	model:	dph 150e	scope:	-	version:	-	Trust: 2.7
vendor:	dlink	model:	dph 150f1	scope:	-	version:	-	Trust: 2.7
vendor:	dlink	model:	dph 150se	scope:	-	version:	-	Trust: 2.7

sources: CNVD: CNVD-2011-2878 // CNVD: CNVD-2011-2874 // CNVD: CNVD-2011-2875 // CNVD: CNVD-2011-2876 // BID: 48894

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201107-404

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201107-404

PATCH

title:	Patch for Dlink DPH 150SE/E/F1 IP Phones Device Restart Vulnerability	url:	https://www.cnvd.org.cn/patchinfo/show/4549	Trust: 0.6
title:	Dlink DPH 150SE/E/F1 IP Phones Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchinfo/show/4553	Trust: 0.6
title:	Dlink DPH 150SE/E/F1 IP Phones File Upload Vulnerability Patch	url:	https://www.cnvd.org.cn/patchinfo/show/4552	Trust: 0.6
title:	Dlink DPH 150SE/E/F1 IP Phones message modification vulnerability patch	url:	https://www.cnvd.org.cn/patchinfo/show/4550	Trust: 0.6

sources: CNVD: CNVD-2011-2878 // CNVD: CNVD-2011-2874 // CNVD: CNVD-2011-2875 // CNVD: CNVD-2011-2876

EXTERNAL IDS

db:	BID	id:	48894	Trust: 3.3
db:	CNVD	id:	CNVD-2011-2878	Trust: 0.6
db:	CNVD	id:	CNVD-2011-2874	Trust: 0.6
db:	CNVD	id:	CNVD-2011-2875	Trust: 0.6
db:	CNVD	id:	CNVD-2011-2876	Trust: 0.6
db:	CNNVD	id:	CNNVD-201107-404	Trust: 0.6

sources: CNVD: CNVD-2011-2878 // CNVD: CNVD-2011-2874 // CNVD: CNVD-2011-2875 // CNVD: CNVD-2011-2876 // BID: 48894 // CNNVD: CNNVD-201107-404

REFERENCES

url:	http://www.securityfocus.com/archive/1/518998	Trust: 2.4
url:	http://www.securityfocus.com/bid/48894	Trust: 0.6
url:	http://www.dlink.ru/ru/products/8/1352.html	Trust: 0.3
url:	/archive/1/518998	Trust: 0.3

sources: CNVD: CNVD-2011-2878 // CNVD: CNVD-2011-2874 // CNVD: CNVD-2011-2875 // CNVD: CNVD-2011-2876 // BID: 48894 // CNNVD: CNNVD-201107-404

CREDITS

Alexander Zaitsev, Gleb Gritsai and Yuri Goltsev, Positive Research Lab

Trust: 0.9

sources: BID: 48894 // CNNVD: CNNVD-201107-404

SOURCES

db:	CNVD	id:	CNVD-2011-2878
db:	CNVD	id:	CNVD-2011-2874
db:	CNVD	id:	CNVD-2011-2875
db:	CNVD	id:	CNVD-2011-2876
db:	BID	id:	48894
db:	CNNVD	id:	CNNVD-201107-404

LAST UPDATE DATE

2022-05-17T02:03:06.942000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-2878	date:	2011-07-27T00:00:00
db:	CNVD	id:	CNVD-2011-2874	date:	2011-07-27T00:00:00
db:	CNVD	id:	CNVD-2011-2875	date:	2011-07-27T00:00:00
db:	CNVD	id:	CNVD-2011-2876	date:	2011-07-27T00:00:00
db:	BID	id:	48894	date:	2011-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201107-404	date:	2011-07-28T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-2878	date:	2011-07-27T00:00:00
db:	CNVD	id:	CNVD-2011-2874	date:	2011-07-27T00:00:00
db:	CNVD	id:	CNVD-2011-2875	date:	2011-07-27T00:00:00
db:	CNVD	id:	CNVD-2011-2876	date:	2011-07-27T00:00:00
db:	BID	id:	48894	date:	2011-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201107-404	date:	1900-01-01T00:00:00