Overview
The Linksys RT31P2 VoIP router contains several vulnerabilities that may allow a remote, unauthenticated attacker to cause a denial of service.
Description
The Linksys RT31P2 is a broadband router that includes Voice over Internet Protocol (VoIP) telephone functionality. The RT31P2 unit fails to properly handle malformed Session Initiation Protocol (SIP) messages, which are used by VoIP. |
Impact
A remote, unauthenticated attacker may be able to cause a denial-of-service condition. For example, when the phone is being used (off-hook), an attacker may be able to disrupt the call. When the phone is not being used (on-hook), an attacker may be able to cause the phone to stop working. |
Solution
We are currently unaware of a practical solution to this problem. The RT31P2 has been discontinued by Linksys. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Peter Thermos and Guy Hadsall of Palindrome Technologies for reporting this vulnerability.
This document was written by Will Dormann.
Other Information
| CVE IDs: | None |
| Severity Metric: | 1.35 |
| Date Public: | 2006-04-19 |
| Date First Published: | 2006-04-19 |
| Date Last Updated: | 2006-05-05 00:49 UTC |
| Document Revision: | 11 |