Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter.
http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=273&