Details of VAR-200706-0408

ID

VAR-200706-0408

CVE

CVE-2007-3347

TITLE

D-Link DPH-540/DPH-541 Any on the phone SIP Vulnerability used for communication

Trust: 0.8

sources: JVNDB: JVNDB-2007-002225

DESCRIPTION

The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID. D-Link DPH-540 / DPH-541 are popular wireless internet phone handsets. There are vulnerabilities in DPH-540 / DPH-541 mobile phones when processing authentication of data requests. Remote attackers may use this vulnerability to send malicious messages to the device. An attacker can exploit this issue to bypass security restrictions

Trust: 2.52

sources: NVD: CVE-2007-3347 // JVNDB: JVNDB-2007-002225 // CNVD: CNVD-2007-2208 // BID: 24560 // VULHUB: VHN-26709

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2007-2208

AFFECTED PRODUCTS

vendor:	d link	model:	dph-540	scope:	eq	version:	1.00.14	Trust: 1.6
vendor:	d link	model:	dph-541	scope:	eq	version:	1.00.14	Trust: 1.6
vendor:	d link	model:	dph-541	scope:	eq	version:	1.00.03	Trust: 1.6
vendor:	d link	model:	dph-540	scope:	eq	version:	1.00.03	Trust: 1.6
vendor:	d link	model:	dph-540	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dph-541	scope:	-	version:	-	Trust: 0.8
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dph-540/dph-541	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2007-2208 // BID: 24560 // JVNDB: JVNDB-2007-002225 // CNNVD: CNNVD-200706-363 // NVD: CVE-2007-3347

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-3347
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-3347
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200706-363
value:	HIGH
Trust: 0.6
VULHUB:	VHN-26709
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-3347
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-26709
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-26709 // JVNDB: JVNDB-2007-002225 // CNNVD: CNNVD-200706-363 // NVD: CVE-2007-3347

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3347

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200706-363

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200706-363

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002225

PATCH

title:

Top Page

url:

http://www.dlink.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002225

EXTERNAL IDS

db:	NVD	id:	CVE-2007-3347	Trust: 3.4
db:	BID	id:	24560	Trust: 2.0
db:	SECUNIA	id:	25803	Trust: 1.7
db:	VUPEN	id:	ADV-2007-2320	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002225	Trust: 0.8
db:	CNNVD	id:	CNNVD-200706-363	Trust: 0.7
db:	CNVD	id:	CNVD-2007-2208	Trust: 0.6
db:	VULHUB	id:	VHN-26709	Trust: 0.1

sources: CNVD: CNVD-2007-2208 // VULHUB: VHN-26709 // BID: 24560 // JVNDB: JVNDB-2007-002225 // CNNVD: CNNVD-200706-363 // NVD: CVE-2007-3347

REFERENCES

url:	http://www.securityfocus.com/bid/24560	Trust: 1.7
url:	http://secunia.com/advisories/25803	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/2320	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/35063	Trust: 1.1
url:	http://www.sipera.com/index.php?action=resources%2cthreat_advisory&tid=219&	Trust: 1.0
url:	http://www.sipera.com/index.php?action=resources,threat_advisory&tid=219&	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3347	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3347	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/2320	Trust: 0.6
url:	http://www.d-link.com/	Trust: 0.3
url:	http://www.sipera.com/index.php?action=resources,threat_advisory&tid=219&	Trust: 0.1

sources: VULHUB: VHN-26709 // BID: 24560 // JVNDB: JVNDB-2007-002225 // CNNVD: CNNVD-200706-363 // NVD: CVE-2007-3347

CREDITS

Sipera VIPER Lab※ viper@sipera.com

Trust: 0.6

sources: CNNVD: CNNVD-200706-363

SOURCES

db:	CNVD	id:	CNVD-2007-2208
db:	VULHUB	id:	VHN-26709
db:	BID	id:	24560
db:	JVNDB	id:	JVNDB-2007-002225
db:	CNNVD	id:	CNNVD-200706-363
db:	NVD	id:	CVE-2007-3347

LAST UPDATE DATE

2025-04-10T23:07:27.285000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2007-2208	date:	2007-03-26T00:00:00
db:	VULHUB	id:	VHN-26709	date:	2017-07-29T00:00:00
db:	BID	id:	24560	date:	2007-06-26T23:38:00
db:	JVNDB	id:	JVNDB-2007-002225	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200706-363	date:	2007-06-25T00:00:00
db:	NVD	id:	CVE-2007-3347	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2007-2208	date:	2007-03-26T00:00:00
db:	VULHUB	id:	VHN-26709	date:	2007-06-22T00:00:00
db:	BID	id:	24560	date:	2007-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2007-002225	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200706-363	date:	2007-03-26T00:00:00
db:	NVD	id:	CVE-2007-3347	date:	2007-06-22T18:30:00