BID:23075

Grandstream Budgetone 200 Phone SIP INVITE Remote Denial of Service Vulnerability

Info

Grandstream Budgetone 200 Phone SIP INVITE Remote Denial of Service Vulnerability

Bugtraq ID:	23075
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Mar 21 2007 12:00AM
Updated:	Mar 21 2007 09:13PM
Credit:	This vulnerability was discovered by the Madynes research team at INRIA.
Vulnerable:	Grandstream BudgeTone 200 Series SIP Phones 1.1.1 14

Not Vulnerable:

Discussion

Grandstream Budgetone 200 Phone SIP INVITE Remote Denial of Service Vulnerability

Grandstream Budgetone 200 phones are prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause the device to freeze and possibly reboot, effectively denying service to legitimate users.

Exploit / POC

Grandstream Budgetone 200 Phone SIP INVITE Remote Denial of Service Vulnerability

The following proof of concept is available.

/data/vulnerabilities/exploits/budgetone200_sip_dos.pl

Solution / Fix

Grandstream Budgetone 200 Phone SIP INVITE Remote Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

References

Grandstream Budgetone 200 Phone SIP INVITE Remote Denial of Service Vulnerability

References:

Grandstream Budgetone 200 Product Page (Grandstream)
Grandstream Budge Tone-200 denial of service vulnerability (MADYNES Security)