发布时间 :2005-11-21 06:03:00
修订时间 :2017-07-10 21:33:17

[原文]Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.

[CNNVD]Zyxel P2000W VOIP WIFI电话信息泄漏漏洞(CNNVD-200511-296)

        Zyxel P2000W VOIP WIFI是一款针对wifi的无线电话。
        Zyxel P2000W第1版VOIP WIFI电话Wj.00.10,可让远程攻击者通过直接连接到未记入文档也不要求认证的UDP端口9090来获取敏感信息并可能导致系统拒绝服务。

- CVSS (基础分值)

CVSS分值: 6.4 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CWE (弱点类目)

CWE-200 [信息暴露]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  FULLDISC  20051116 Zyxel P2000W (Version1) VoIP Wifi phone multiple
(UNKNOWN)  BID  15478
(UNKNOWN)  XF  zyxel-p2000-udp-obtain-information(23092)

- 漏洞信息

Zyxel P2000W VOIP WIFI电话信息泄漏漏洞
中危 访问验证错误
2005-11-21 00:00:00 2006-06-12 00:00:00
        Zyxel P2000W VOIP WIFI是一款针对wifi的无线电话。
        Zyxel P2000W第1版VOIP WIFI电话Wj.00.10,可让远程攻击者通过直接连接到未记入文档也不要求认证的UDP端口9090来获取敏感信息并可能导致系统拒绝服务。

- 公告与补丁


- 漏洞信息

ZyXEL P2000W UDP 9090 Remote Information Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- 漏洞描述

Zyxel P2000W VOIP WIFI phones contain a flaw that may lead to unauthorized information disclosure.  The issue is triggered when an attacker connects to an undocumented UDP port 9090, which will disclose the phones software version and MAC address information resulting in a loss of confidentiality.

- 时间线

2005-11-17 Unknow
2005-11-16 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

Zyxel P2000W VOIP WIFI Phone Information Disclosure Vulnerability
Access Validation Error 15478
Yes No
2005-11-16 12:00:00 2009-07-12 05:56:00
Shawn Merdinger <> is credited with the discovery of this vulnerability.

- 受影响的程序版本

ZyXEL Prestige 2000W v.2 VoIP Wi-Fi Phone
ZyXEL Prestige 2000W v.1 VoIP Wi-Fi Phone

- 漏洞讨论

The Zyxel P2000W VOIP WIFI Phone is prone to an information disclosure vulnerability.

Sensitive information may be disclosed to attackers, and could be useful in further attacks. Informataion obtained may aid an attacker to perform denial of service attacks.

Both version 1, and 2 of these phones are vulnerable to this issue. Due to code reuse, other devices and versions may also be affected.

- 漏洞利用

An exploit is not required.

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 相关参考