VAR-200805-0149
Vulnerability from variot - Updated: 2025-04-10 23:19Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios. Linksys SPA-2102 Phone Adapter is prone to a denial-of-service vulnerability when handling multiple packets in quick succession. Attackers can exploit this issue to deny access to the device's control center for legitimate users. Reports indicate that this issue is exploitable only via computers on the same LAN as the device. Linksys SPA-2102 Phone Adapter running firmware 3.3.6 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
4 days left of beta period.
The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success.
The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide.
The vulnerability is caused due to an error in the processing of overly large ping packets and can be exploited to e.g. cause the web interface to become inaccessible.
The vulnerability is reported in version 3.3.6. Other versions may also be affected.
SOLUTION: Restrict network access to the device.
PROVIDED AND/OR DISCOVERED BY: sipher
ORIGINAL ADVISORY: http://seclists.org/bugtraq/2008/Mar/0301.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200805-0149",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spa-2102 phone adapter",
"scope": "eq",
"trust": 1.9,
"vendor": "linksys",
"version": "3.3.6"
},
{
"model": "spa-2102 phone adapter",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "3.3.6"
}
],
"sources": [
{
"db": "BID",
"id": "28414"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004399"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-044"
},
{
"db": "NVD",
"id": "CVE-2008-2092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:linksys:spa-2102_phone_adapter",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004399"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sipher",
"sources": [
{
"db": "BID",
"id": "28414"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-044"
}
],
"trust": 0.9
},
"cve": "CVE-2008-2092",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2008-2092",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-32217",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-2092",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-2092",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200805-044",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-32217",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-32217"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004399"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-044"
},
{
"db": "NVD",
"id": "CVE-2008-2092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet (\"ping of death\"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios. Linksys SPA-2102 Phone Adapter is prone to a denial-of-service vulnerability when handling multiple packets in quick succession. \nAttackers can exploit this issue to deny access to the device\u0027s control center for legitimate users. Reports indicate that this issue is exploitable only via computers on the same LAN as the device. \nLinksys SPA-2102 Phone Adapter running firmware 3.3.6 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\n4 days left of beta period. \n\nThe 1st generation of the Secunia Network Software Inspector (NSI)\nhas been available for corporate users for almost 1 year and its been\na tremendous success. \n\nThe 2nd generation Secunia NSI is built on the same technology as the\naward winning Secunia PSI, which has already been downloaded and\ninstalled on more than 400,000 computers world wide. \n\nThe vulnerability is caused due to an error in the processing of\noverly large ping packets and can be exploited to e.g. cause the web\ninterface to become inaccessible. \n\nThe vulnerability is reported in version 3.3.6. Other versions may\nalso be affected. \n\nSOLUTION:\nRestrict network access to the device. \n\nPROVIDED AND/OR DISCOVERED BY:\nsipher\n\nORIGINAL ADVISORY:\nhttp://seclists.org/bugtraq/2008/Mar/0301.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-2092"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004399"
},
{
"db": "BID",
"id": "28414"
},
{
"db": "VULHUB",
"id": "VHN-32217"
},
{
"db": "PACKETSTORM",
"id": "65807"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-32217",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-32217"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-2092",
"trust": 2.8
},
{
"db": "BID",
"id": "28414",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "29523",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004399",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200805-044",
"trust": 0.7
},
{
"db": "XF",
"id": "41436",
"trust": 0.6
},
{
"db": "XF",
"id": "2102",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080324 RE: RE: LINKSYS PHONE ADAPTER DENIAL OF SERVICE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080325 RE: LINKSYS PHONE ADAPTER DENIAL OF SERVICE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080324 LINKSYS PHONE ADAPTER DENIAL OF SERVICE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080324 RE: LINKSYS PHONE ADAPTER DENIAL OF SERVICE",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-84804",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "31478",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-32217",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "65807",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-32217"
},
{
"db": "BID",
"id": "28414"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004399"
},
{
"db": "PACKETSTORM",
"id": "65807"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-044"
},
{
"db": "NVD",
"id": "CVE-2008-2092"
}
]
},
"id": "VAR-200805-0149",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-32217"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:19:02.910000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004399"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-32217"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004399"
},
{
"db": "NVD",
"id": "CVE-2008-2092"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/28414"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29523"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=120645736414059\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=120638296821936\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=120638162819268\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=120637551306325\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=120637257800425\u0026w=2"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41436"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2092"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2092"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41436"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/"
},
{
"trust": 0.3,
"url": "/archive/1/489995"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=120637257800425\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=120637551306325\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=120638296821936\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=120638162819268\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=120645736414059\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/18428/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector_2/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29523/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://seclists.org/bugtraq/2008/mar/0301.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-32217"
},
{
"db": "BID",
"id": "28414"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004399"
},
{
"db": "PACKETSTORM",
"id": "65807"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-044"
},
{
"db": "NVD",
"id": "CVE-2008-2092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-32217"
},
{
"db": "BID",
"id": "28414"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004399"
},
{
"db": "PACKETSTORM",
"id": "65807"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-044"
},
{
"db": "NVD",
"id": "CVE-2008-2092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-32217"
},
{
"date": "2008-03-24T00:00:00",
"db": "BID",
"id": "28414"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004399"
},
{
"date": "2008-04-28T14:37:56",
"db": "PACKETSTORM",
"id": "65807"
},
{
"date": "2008-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200805-044"
},
{
"date": "2008-05-06T16:20:00",
"db": "NVD",
"id": "CVE-2008-2092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-32217"
},
{
"date": "2015-05-07T17:32:00",
"db": "BID",
"id": "28414"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004399"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200805-044"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-2092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200805-044"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys SPA-2102 Phone Adapter Packet Handling Denial of Service Vulnerability",
"sources": [
{
"db": "BID",
"id": "28414"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-044"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200805-044"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…