Vulnerability Note VU#621566

Linksys RT31P2 VoIP router denial of service vulnerabilities

Overview

The Linksys RT31P2 VoIP router contains several vulnerabilities that may allow a remote, unauthenticated attacker to cause a denial of service.

I. Description

The Linksys RT31P2 is a broadband router that includes Voice over Internet Protocol (VoIP) telephone functionality. The RT31P2 unit fails to properly handle malformed Session Initiation Protocol (SIP) messages, which are used by VoIP.

II. Impact

A remote, unauthenticated attacker may be able to cause a denial-of-service condition. For example, when the phone is being used (off-hook), an attacker may be able to disrupt the call. When the phone is not being used (on-hook), an attacker may be able to cause the phone to stop working.

III. Solution

We are currently unaware of a practical solution to this problem. The RT31P2 has been discontinued by Linksys.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Linksys (A division of Cisco Systems)	Vulnerable	19-Apr-2006

References

http://www1.linksys.com/products/product.asp?grid=34&prid=652
http://www.ietf.org/html.charters/sip-charter.html

Credit

Thanks to Peter Thermos and Guy Hadsall of Palindrome Technologies for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public:	2006-04-19
Date First Published:	2006-04-19
Date Last Updated:	2006-05-04
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	1.35
Document Revision:	10

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader