PT-2009-3629 · Snom · Snom 820+4

Published: 2009-08-14 · Updated: 2024-02-13 · CVE-2009-1048

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

snom 300 versions 6.5 through 6.5.19
snom 300 versions 7.1 through 7.1.38
snom 300 versions 7.3 through 7.3.13
snom 320 versions 6.5 through 6.5.19
snom 320 versions 7.1 through 7.1.38
snom 320 versions 7.3 through 7.3.13
snom 360 versions 6.5 through 6.5.19
snom 360 versions 7.1 through 7.1.38
snom 360 versions 7.3 through 7.3.13
snom 370 versions 6.5 through 6.5.19
snom 370 versions 7.1 through 7.1.38
snom 370 versions 7.3 through 7.3.13
snom 820 versions 6.5 through 6.5.19
snom 820 versions 7.1 through 7.1.38
snom 820 versions 7.3 through 7.3.13

Description

The web interface of the snom VoIP phones allows remote attackers to bypass authentication and reconfigure the phone or make arbitrary use of it. The bypass is triggered by an HTTP or HTTPS request with 127.0.0.1 in the Host header.

Recommendations

For snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5, update to version 6.5.20 or later.
For snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 7.1, update to version 7.1.39 or later.
For snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 7.3, update to version 7.3.14 or later.
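
A detection check for the request pattern in the description, as an added example (not from the advisory or from snom): it flags HTTP requests whose Host header names a loopback address although the connection came from a non-loopback peer. The record fields, the sample addresses and the extension from 127.0.0.1 to other loopback spellings are assumptions; the sample records are constructed.

```python
import ipaddress

# Constructed sample records (not real traffic): peer address as seen by a
# proxy or capture point in front of the phones, plus the raw Host header.
SAMPLE_REQUESTS = [
    {"peer": "192.0.2.44", "host": "127.0.0.1"},
    {"peer": "192.0.2.44", "host": "127.0.0.1:443"},
    {"peer": "10.20.0.15", "host": "phone-17.voip.example"},
    {"peer": "127.0.0.1", "host": "127.0.0.1"},
    {"peer": "198.51.100.7", "host": "[::1]:80"},
    {"peer": "10.20.0.15", "host": "LOCALHOST"},
]


def host_is_loopback(host_header):
    """True if the Host header names a loopback address or 'localhost'."""
    host = host_header.strip().lower()
    if host.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:80
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:          # hostname or IPv4 followed by a port
        host = host.rsplit(":", 1)[0]
    host = host.rstrip(".")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                    # ordinary DNS name


def peer_is_loopback(peer):
    """True only if the connecting address really is a loopback address."""
    try:
        return ipaddress.ip_address(peer).is_loopback
    except ValueError:
        return False                    # unparsable peer: do not trust it


def flag_spoofed_host(requests):
    """Return the records that claim a loopback Host from a remote peer."""
    return [r for r in requests
            if host_is_loopback(r["host"]) and not peer_is_loopback(r["peer"])]


if __name__ == "__main__":
    for rec in flag_spoofed_host(SAMPLE_REQUESTS):
        print("suspicious: peer=%s host=%s" % (rec["peer"], rec["host"]))
```

The same predicate can serve as a reject rule on a reverse proxy placed in front of phones that cannot yet be updated to the fixed firmware versions listed above.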

Fix

Weakness Enumeration

Authentication Bypass by Spoofing

Related Identifiers

CVE-2009-1048

Affected Products

Snom 300
Snom 320
Snom 360
Snom 370
Snom 820