ID

VAR-200703-0205


CVE

CVE-2006-7121


TITLE

Denial-of-service (DoS) vulnerability in the HTTP server of the Linksys SPA-921 VoIP Desktop Phone

Trust: 0.8

sources: JVNDB: JVNDB-2007-003125

DESCRIPTION

The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication.

Linksys SPA921 VoIP phones are prone to denial-of-service vulnerabilities because the devices fail to properly handle large user-supplied input values in HTTP traffic. Exploiting this issue allows remote attackers to crash and reboot affected devices, denying service to legitimate users.

The vulnerability is caused due to errors within the embedded HTTP server when handling long strings. This can be exploited to reboot the phone by sending long HTTP requests to it. The vulnerability has been reported in firmware version 1.0.0. Other versions may also be affected.

SOLUTION: Restrict use to within trusted networks only.

PROVIDED AND/OR DISCOVERED BY: Shawn Merdinger

Trust: 2.07

sources: NVD: CVE-2006-7121 // JVNDB: JVNDB-2007-003125 // BID: 20346 // VULHUB: VHN-23229 // PACKETSTORM: 50828

AFFECTED PRODUCTS

vendor: linksys | model: spa921 | scope: eq | version: 1.0.0

Trust: 1.6

vendor: cisco linksys | model: spa921 | scope: - | version: -

Trust: 0.8

vendor: linksys | model: spa921 voip phone | scope: eq | version: 0

Trust: 0.3

sources: BID: 20346 // JVNDB: JVNDB-2007-003125 // CNNVD: CNNVD-200703-177 // NVD: CVE-2006-7121

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-7121
value: HIGH

Trust: 1.0

NVD: CVE-2006-7121
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200703-177
value: HIGH

Trust: 0.6

VULHUB: VHN-23229
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-7121
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23229
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-23229 // JVNDB: JVNDB-2007-003125 // CNNVD: CNNVD-200703-177 // NVD: CVE-2006-7121

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-7121

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200703-177

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200703-177

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-003125

PATCH

title: Linksys | url: http://home.cisco.com/en-apac/home

Trust: 0.8

sources: JVNDB: JVNDB-2007-003125

EXTERNAL IDS

db: NVD | id: CVE-2006-7121

Trust: 2.8

db: BID | id: 20346

Trust: 2.0

db: SECUNIA | id: 22267

Trust: 1.8

db: OSVDB | id: 29671

Trust: 1.7

db: JVNDB | id: JVNDB-2007-003125

Trust: 0.8

db: CNNVD | id: CNNVD-200703-177

Trust: 0.7

db: XF | id: 29349

Trust: 0.6

db: XF | id: 921

Trust: 0.6

db: FULLDISC | id: 20061004 (0-DAY) LINKSYS SPA-921 VOIP DESKTOP PHONE HTTP SERVER DOS

Trust: 0.6

db: VULHUB | id: VHN-23229

Trust: 0.1

db: PACKETSTORM | id: 50828

Trust: 0.1

sources: VULHUB: VHN-23229 // BID: 20346 // JVNDB: JVNDB-2007-003125 // PACKETSTORM: 50828 // CNNVD: CNNVD-200703-177 // NVD: CVE-2006-7121

REFERENCES

url:http://www.securityfocus.com/bid/20346

Trust: 1.7

url:http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0089.html

Trust: 1.7

url:http://www.osvdb.org/29671

Trust: 1.7

url:http://secunia.com/advisories/22267

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/29349

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7121

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-7121

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/29349

Trust: 0.6

url:http://www.linksys.com/servlet/satellite?c=l_product_c2&childpagename=us%2flayout&cid=1139435693953&pagename=linksys%2fcommon%2fvisitorwrapper

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/22267/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/12273/

Trust: 0.1

sources: VULHUB: VHN-23229 // BID: 20346 // JVNDB: JVNDB-2007-003125 // PACKETSTORM: 50828 // CNNVD: CNNVD-200703-177 // NVD: CVE-2006-7121

CREDITS

Shawn Merdinger discovered this issue.

Trust: 0.9

sources: BID: 20346 // CNNVD: CNNVD-200703-177

SOURCES

db: VULHUB | id: VHN-23229
db: BID | id: 20346
db: JVNDB | id: JVNDB-2007-003125
db: PACKETSTORM | id: 50828
db: CNNVD | id: CNNVD-200703-177
db: NVD | id: CVE-2006-7121

LAST UPDATE DATE

2024-08-14T15:09:34.453000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-23229 | date: 2017-07-29T00:00:00
db: BID | id: 20346 | date: 2016-07-06T14:40:00
db: JVNDB | id: JVNDB-2007-003125 | date: 2012-09-25T00:00:00
db: CNNVD | id: CNNVD-200703-177 | date: 2007-03-07T00:00:00
db: NVD | id: CVE-2006-7121 | date: 2017-07-29T01:29:51.077

SOURCES RELEASE DATE

db: VULHUB | id: VHN-23229 | date: 2007-03-06T00:00:00
db: BID | id: 20346 | date: 2006-10-04T00:00:00
db: JVNDB | id: JVNDB-2007-003125 | date: 2012-09-25T00:00:00
db: PACKETSTORM | id: 50828 | date: 2006-10-12T03:39:42
db: CNNVD | id: CNNVD-200703-177 | date: 2007-03-05T00:00:00
db: NVD | id: CVE-2006-7121 | date: 2007-03-06T01:19:00