CVE-2007-3347

high

Description

The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35063

http://www.vupen.com/english/advisories/2007/2320

http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=219&

http://www.securityfocus.com/bid/24560

http://secunia.com/advisories/25803

Details

Source: Mitre, NVD

Published: 2007-06-22

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.0024