I disclosed today the following vulnerability at the 32nd CSI conference in Washington, D.C.

Thanks,
Shawn Merdinger

===============================================================

VENDOR: Senao

VENDOR NOTIFIED: 28 June, 2005

VENDOR RESPONSE: None

PRODUCT: Senao SI-680H VOIP WIFI Phone
http://www.senao.com/english/product/product_wired_dsl_1.asp?tp1id=03&tp2id=02&proid=000186

SOFTWARE VERSION:
Current Firmware Version 0.03.0839
Current Firmware Date 2005.04.20
Current BSP Version V 2_2_1/37 Feb 11 2005,12:26:46d
Hardware version 1.7.0

A. VULNERABILITY TITLE: Senao SI-680H VOIP WIFI phone undocumented open port UDP/17185

VULNERABILITY DETAILS, IMPACT AND WORKAROUND:

1. An undocumented open port, UDP/17185, VxWorks WDB remote debugging (wdbrpc), is left in from development. This open port may allow an attacker unauthenticated access to the phone's OS, perhaps yielding sensitive information, creating opportunities for DoS, etc. There appears to be no workaround for disabling this open port.
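Since the advisory reports no way to disable the port on the phone itself, monitoring for traffic to UDP/17185 on the voice network is one way to spot exposure. The following is an added example, not part of the original post: it scans flow records for traffic to UDP/17185 on phones and separates probes that went unanswered from ones where the phone replied. The record layout, the `10.20.0.0/24` voice subnet and the sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

WDB_PORT = 17185  # VxWorks WDB remote debugging (wdbrpc), per the advisory

# Assumption for illustration: the subnet the phones live on.
PHONE_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample flow records: time src sport dst dport proto bytes
SAMPLE_FLOWS = """\
2005-11-15T10:00:01 10.20.0.15 5060 10.1.1.5 5060 udp 512
2005-11-15T10:00:07 192.0.2.44 40112 10.20.0.15 17185 udp 72
2005-11-15T10:00:07 10.20.0.15 17185 192.0.2.44 40112 udp 96
2005-11-15T10:02:30 192.0.2.44 40113 10.20.0.16 17185 udp 72
2005-11-15T10:03:00 10.20.0.16 17185 10.20.0.99 17185 tcp 60
malformed line
"""

def parse_flow(line):
    """Parse one whitespace-separated flow record; return None if malformed."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, src, sport, dst, dport, proto, nbytes = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src), "sport": int(sport),
                "dst": ipaddress.ip_address(dst), "dport": int(dport),
                "proto": proto.lower(), "bytes": int(nbytes)}
    except ValueError:
        return None

def find_wdb_exposure(text, phone_net=PHONE_NET):
    """Return {phone_ip: {"probed_by": set, "answered": set}} for UDP/17185."""
    hits = defaultdict(lambda: {"probed_by": set(), "answered": set()})
    for line in text.splitlines():
        f = parse_flow(line)
        if f is None or f["proto"] != "udp":
            continue  # WDB RPC on this port is UDP; skip everything else
        if f["dport"] == WDB_PORT and f["dst"] in phone_net:
            hits[str(f["dst"])]["probed_by"].add(str(f["src"]))
        elif f["sport"] == WDB_PORT and f["src"] in phone_net:
            # Traffic sourced from the debug port means the phone replied.
            hits[str(f["src"])]["answered"].add(str(f["dst"]))
    return dict(hits)

if __name__ == "__main__":
    for phone, info in sorted(find_wdb_exposure(SAMPLE_FLOWS).items()):
        state = "ANSWERED" if info["answered"] else "probed, no reply seen"
        print(f"{phone}: UDP/{WDB_PORT} {state}; peers={sorted(info['probed_by'] | info['answered'])}")
```

A phone that shows up under `answered` has the debug service reachable from that peer and is the priority for a network ACL blocking UDP/17185.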