They are truly a "fragile" class of new devices. I bought the over priced WIP330 for testing myself. And minus the rather good screen brightness and resolution in pretty disappointed with it (its just a cumbersome phone).
but as long as Cisco is still selling their gray scale wifi phone for $500 I consider it a deal. ----- Original Message ----- From: "Shawn Merdinger" <[EMAIL PROTECTED]> To: "pingywon" <[EMAIL PROTECTED]>; <[email protected]> Sent: Friday, December 08, 2006 1:53 AM Subject: Re: [Full-disclosure] Linksys WIP 330 VoIP wireless phone crash fromNmap scan > Hi, > > Yes, this is an extraordinarily lame bug, but that's sort of the point > with many of these VoIP phones, both wired and wireless. They are a > new class of device going onto networks and tend to be kind of sucky > when it comes to what I'd consider *expected customer environment tool > runs* like Nmap and Nessus, not to mention plenty of others such as > ISIC, Protos, Asteroid, <insert fuzzer-o'-the-day-here>...and that's > just sticking with the free stuff. > > I didn't find the bug anyways, I just reported it to Linksys and then > FD. And even though I'm poking around with a bunch of VoIP phones on > my own time and dime, I don't own one of these WIP 330s. > > Anyway, you seem happy with your WIP 330...once you got it configured... > http://www.trixbox.org/modules/newbb/viewtopic.php?topic_id=5974&forum=3#forumpost23445 > > Say, if you have the cycles for some free vendor QA, and since you > have a WIP 330 in hand, maybe you can find something much cooler with > that PhoneCtl.exe crash and get back to us? > > Thanks, > --scm > > > > > On 12/7/06, pingywon <[EMAIL PROTECTED]> wrote: >> >> "The crash >> > appears related to PhoneCtl.exe running on the phone's Windows CE 4.2 >> > operating system." >> >> "Let me take a look at that screenshot again..." >> >> http://www.flickr.com/photos/metalmijn/295348294/ >> >> "Heck buddy, you appear correct" >> >> ~p >> >> >> >> >> >> ----- Original Message ----- >> From: "Shawn Merdinger" <[EMAIL PROTECTED]> >> To: <[email protected]> >> Sent: Wednesday, December 06, 2006 1:40 PM >> Subject: [Full-disclosure] Linksys WIP 330 VoIP wireless phone crash >> fromNmap scan >> >> >> > Vulnerability Description >> > ================== >> > The Linksys WIP 330 VoIP wireless phone will crash when a full >> > port-range Nmap scan is run against its IP address. >> > >> > >> > Linksys WIP 330 Firmware Version >> > ========================== >> > 1.00.06A >> > >> > >> > Nmap scan command >> > ================ >> > nmap -P0 <WIP 330 ip address> -p 1-65535 >> > >> > >> > Impact >> > ===== >> > The crash is only after Nmap has finished. The Nmap scan also seems to >> > disrupt updating of the display as the clock is not updated. The crash >> > appears related to PhoneCtl.exe running on the phone's Windows CE 4.2 >> > operating system. >> > >> > Screenshot of the crash: >> > http://www.flickr.com/photos/metalmijn/295348294/ >> > >> > >> > Credit >> > ==== >> > Credit for discovering this vulnerability goes to Armijn Hemel >> > >> > _______________________________________________ >> > Full-Disclosure - We believe in it. >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> > Hosted and sponsored by Secunia - http://secunia.com/ >> > >> >> > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
