CVE-2007-3368

Name of the Vulnerable Software and Affected Versions Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+

Description The issue is related to a buffer overflow in the HTTP server, which can be triggered by remote attackers sending a malformed CGI parameter. This can cause a denial of service, resulting in the device rebooting.

Recommendations For Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+, consider restricting access to the HTTP server until a fix is available. As a temporary workaround, avoid using the vulnerable CGI parameter in the HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.