ID

VAR-200701-0211


CVE

CVE-2007-0431


TITLE

AVM FRITZ!Box VoIP Remote Denial of Service Vulnerability

Trust: 0.9

sources: BID: 22130 // CNNVD: CNNVD-200701-379

DESCRIPTION

AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060). FRITZ!Box is prone to a remote denial-of-service vulnerability. A remote attacker can exploit this issue to crash the VoIP-telephony service, effectively denying service to legitimate users.

----------------------------------------------------------------------

TITLE: Fritz!Box UDP Packet SIP Denial of Service

SECUNIA ADVISORY ID: SA23868

VERIFY ADVISORY: http://secunia.com/advisories/23868/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE: From remote

OPERATING SYSTEM: AVM Fritz!Box 7050 http://secunia.com/product/13298/

DESCRIPTION: Matthias Wenzel has reported a vulnerability in AVM Fritz!Box 7050, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the handling of certain UDP packets.

SOLUTION: Use another device.

PROVIDED AND/OR DISCOVERED BY: Matthias Wenzel

ORIGINAL ADVISORY: http://mazzoo.de/blog/2007/01/18#FritzBox_DoS

Trust: 1.98

sources: NVD: CVE-2007-0431 // JVNDB: JVNDB-2007-001431 // BID: 22130 // PACKETSTORM: 53817

AFFECTED PRODUCTS

vendor: avm, model: fritzbox, scope: eq, version: 7050

Trust: 1.6

vendor: avm, model: fritz!box, scope: -, version: -

Trust: 0.8

vendor: avm, model: fritz!box, scope: eq, version: 7050

Trust: 0.3

vendor: avm, model: fritz!box, scope: ne, version: 705014.4.2

Trust: 0.3

sources: BID: 22130 // JVNDB: JVNDB-2007-001431 // CNNVD: CNNVD-200701-379 // NVD: CVE-2007-0431

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0431
value: HIGH

Trust: 1.0

NVD: CVE-2007-0431
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200701-379
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2007-0431
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2007-001431 // CNNVD: CNNVD-200701-379 // NVD: CVE-2007-0431

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0431

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-379

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200701-379

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001431

PATCH

title: Top Page, url: http://www.avm.de/en/

Trust: 0.8

sources: JVNDB: JVNDB-2007-001431

EXTERNAL IDS

db: NVD, id: CVE-2007-0431

Trust: 2.4

db: BID, id: 22130

Trust: 1.9

db: SECUNIA, id: 23868

Trust: 1.7

db: VUPEN, id: ADV-2007-0272

Trust: 1.6

db: OSVDB, id: 32940

Trust: 1.6

db: JVNDB, id: JVNDB-2007-001431

Trust: 0.8

db: XF, id: 31633

Trust: 0.6

db: FULLDISC, id: 20070119 DOS AGAINST AVM FRITZ!BOX 7050 (AND OTHERS)

Trust: 0.6

db: BUGTRAQ, id: 20070119 DOS AGAINST AVM FRITZ!BOX 7050 (AND OTHERS)

Trust: 0.6

db: BUGTRAQ, id: 20070123 RE: DOS AGAINST AVM FRITZ!BOX 7050 (AND OTHERS)

Trust: 0.6

db: CNNVD, id: CNNVD-200701-379

Trust: 0.6

db: PACKETSTORM, id: 53817

Trust: 0.1

sources: BID: 22130 // JVNDB: JVNDB-2007-001431 // PACKETSTORM: 53817 // CNNVD: CNNVD-200701-379 // NVD: CVE-2007-0431

REFERENCES

url:http://mazzoo.de/blog/2007/01/18#fritzbox_dos

Trust: 2.0

url:http://www.securityfocus.com/bid/22130

Trust: 1.6

url:http://osvdb.org/32940

Trust: 1.6

url:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0387.html

Trust: 1.6

url:http://secunia.com/advisories/23868

Trust: 1.6

url:ftp://ftp.avm.de/fritz.box/fritzbox.fon_wlan_7050/firmware/info.txt

Trust: 1.6

url:http://www.vupen.com/english/advisories/2007/0272

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/31633

Trust: 1.0

url:http://www.securityfocus.com/archive/1/457829/100/0/threaded

Trust: 1.0

url:http://www.securityfocus.com/archive/1/457406/100/0/threaded

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0431

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0431

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/457406/100/0/threaded

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/31633

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/457829/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/0272

Trust: 0.6

url:ftp://ftp.avm.de/fritz.box/fritzbox.fon_wlan_7050/firmware/

Trust: 0.3

url:http://www.avm.de/en/

Trust: 0.3

url:http://www.avm.de/de/produkte/fritzbox/index.html

Trust: 0.3

url:/archive/1/457406

Trust: 0.3

url:/archive/1/457829

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/23868/

Trust: 0.1

url:http://secunia.com/software_inspector/

Trust: 0.1

url:http://secunia.com/product/13298/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: BID: 22130 // JVNDB: JVNDB-2007-001431 // PACKETSTORM: 53817 // CNNVD: CNNVD-200701-379 // NVD: CVE-2007-0431

CREDITS

Matthias Wenzel

Trust: 0.6

sources: CNNVD: CNNVD-200701-379

SOURCES

db: BID, id: 22130
db: JVNDB, id: JVNDB-2007-001431
db: PACKETSTORM, id: 53817
db: CNNVD, id: CNNVD-200701-379
db: NVD, id: CVE-2007-0431

LAST UPDATE DATE

2025-04-10T23:23:45.259000+00:00


SOURCES UPDATE DATE

db: BID, id: 22130, date: 2007-01-25T16:28:00
db: JVNDB, id: JVNDB-2007-001431, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200701-379, date: 2007-01-23T00:00:00
db: NVD, id: CVE-2007-0431, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: BID, id: 22130, date: 2007-01-19T00:00:00
db: JVNDB, id: JVNDB-2007-001431, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 53817, date: 2007-01-22T15:23:39
db: CNNVD, id: CNNVD-200701-379, date: 2007-01-22T00:00:00
db: NVD, id: CVE-2007-0431, date: 2007-01-23T02:28:00