I disclosed the following issue at ShmooCon 2006 <http://www.shmoocon.org/> during my "VoIP Wireless Phone Security Analysis" presentation.
Thanks, --scm =============================================================== DATE: 16 January, 2006 VENDOR NOTIFIED: 7 December, 2005 VENDOR: Zyxel PRODUCT: ZyXel P2000W (Version 2) VoIP 802.11b Wireless Phone http://www.zyxel.com/product/model.php?indexcate=1122437334&indexFlagvalue=1075687935 Firmware version: WV.00.02 VULNERABILITY TITLE: Zyxel P2000W (Version 2) VoIP wireless phone undocumented port UDP/9090 DETAILS, IMPACT AND WORKAROUND: The Zyxel P2000W (Version 2) VoIP wireless phone has an undocumented port, UDP/9090, that provides an unauthenticated attacker information about the phone, specifically the phone's MAC address and software version. An attacker can use this vulnerabiltiy to easily identiy the phone and software version. Also, the undocumented open port may provide an avenue for DoS. There appears to be no workaround for this issue as far as disabling the port. CONTACT INFORMATION: Shawn Merdinger [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/