Описание
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:linksys:spa2102_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:linksys:spa2102:-:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00481
Низкий
8.8 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-307
Связанные уязвимости
github
почти 4 года назад
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
EPSS
Процентиль: 65%
0.00481
Низкий
8.8 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-307