Zyxel P2000 UDP obtain information

zyxel-p2000-udp-obtain-information (23092) The risk level is classified as Low Risk

Description:

Zyxel P2000W could allow a remote attacker to obtain sensitive information because of a vulnerability on an undocumented UDP port. A remote attacker could connect to the phone on UDP port 9090 and obtain sensitive information, including the MAC address and software version.

Platforms Affected:

  • ZyXEL, P2000W (Version 1)

Remedy:

No remedy available as of August 16, 2008.

Consequences:

Obtain Information

References:

  • Neohapsis Full Disclosure Message #0537, Zyxel P2000W (Version1) VoIP Wifi phone multiple vulnerabilties at http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0537.html.
  • ZyXEL 2000W Web site, ZyXEL Prestige 2000W - VoIP Wi-Fi Phone at http://www.zyxel.com/product/P2000W.php.
  • BID-15478: Zyxel P2000W VOIP WIFI Phone Information Disclosure Vulnerability
  • CVE-2005-3724: Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
  • CVE-2005-3725: Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.
  • FrSIRT/ADV-2005-2476: ZyXEL P-2000W VoIP Wi-Fi Phone Information Disclosure Vulnerability
  • OSVDB ID: 21292: Zyxel P2000W UDP 9090 Remote Information Disclosure

Reported:

Nov 16, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net