Info

Disclosure

Nov 16, 2005

Discovery

Unknown

Dates

Exploit

Nov 16, 2005

Solution

Unknown

Description

Zyxel P2000W VOIP WIFI phones contain a flaw that may lead to unauthorized information disclosure. The issue is triggered when an attacker connects to an undocumented UDP port 9090, which will disclose the phones software version and MAC address information resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

ZyXEL Communications Corporation

P2000W v.1 VOIP WIFI Phone

Wj.00.10

References

Bugtraq ID: 15478
CVE ID: 2005-3724 (see also: NVD)
ISS X-Force ID: 23092
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0537.html
Packet Storm: http://packetstormsecurity.org/0511-advisories/ZyxelVOIP.txt
Other Advisory URL: http://www.securiteam.com/securitynews/6S00N0AELK.html
Vendor URL: http://www.zyxel.com/product/P2000W.php

Credit

Shawn Merdinger -

Direct URL: http://osvdb.org/36218