
Grandstream HandyTone-488 PSTN-to-VoIP adapter is vulnerable to fragmented packet attack

Advisory Number: VIPER-2007-058
Release Date: 2007.10.24
Source: Sipera VIPER Lab
Systems Affected: GrandStream HandyTone-488 Rev:0.1
Category: Denial of Service
Severity: Medium

Overview

The Grandstream HT-488 phone adapter can be crashed by sending a flood of fragmented packets to port 5060.

Impact

Users of the Grandstream HT-488 may be subjected to a denial-of-service attack that disconnects their HT-488-based VoIP service.

Description

The HandyTone 488 is a next-generation Internet data, voice, fax and PSTN “all-in-one” integrated access device based on the SIP standard. It can be used to connect a PSTN phone to a VoIP service. The adapter is assigned a public IP address at which it can be reached over an IP network.

HT-488 uses port 5060 to receive messages on its public IP address. An attacker can send a flood of fragmented IP packets to the public port 5060 and crash the adapter. This causes denial of service to its users.

Solution

Grandstream HT-488 should handle fragmented packets correctly to prevent such attacks.
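
Until the adapter handles fragments correctly, the flood can be detected upstream of it. The following is an added example, not part of the Sipera advisory or any Grandstream code: it counts IPv4 fragments per source that belong to UDP datagrams addressed to port 5060 on the adapter. Only the first fragment carries the UDP port, so later fragments are matched to it by source and IP identification. The window, threshold, names and documentation-range addresses are assumptions.

```python
import socket
import struct
from collections import defaultdict

SIP_PORT = 5060    # port named in the advisory
WINDOW_S = 1.0     # assumed sliding window, seconds
THRESHOLD = 100    # assumed fragments per source per window

def parse_ipv4(pkt):
    """Return (src, dst, ip_id, more_frags, frag_offset, proto, payload) or None."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or len(pkt) < ihl or pkt[0] >> 4 != 4:
        return None
    ip_id, flags_off = struct.unpack("!HH", pkt[4:8])
    return (pkt[12:16], pkt[16:20], ip_id, bool(flags_off & 0x2000),
            (flags_off & 0x1FFF) * 8, pkt[9], pkt[ihl:])

class FragmentFloodDetector:
    def __init__(self, device_ip):
        self.device = socket.inet_aton(device_ip)
        self.sip_datagrams = set()      # (src, ip_id) whose first fragment targets 5060
        self.times = defaultdict(list)  # src -> arrival times of SIP-bound fragments

    def observe(self, ts, pkt):
        """Feed one packet; return the source address once it reaches THRESHOLD."""
        p = parse_ipv4(pkt)
        if p is None:
            return None
        src, dst, ip_id, mf, off, proto, payload = p
        if dst != self.device or proto != 17 or not (mf or off):
            return None                 # not a UDP fragment addressed to the adapter
        key = (src, ip_id)
        # Only offset 0 carries the UDP header; this set is never expired (simplification).
        if off == 0 and len(payload) >= 4 and payload[2:4] == struct.pack("!H", SIP_PORT):
            self.sip_datagrams.add(key)
        if key not in self.sip_datagrams:
            return None
        q = self.times[src]
        q.append(ts)
        while ts - q[0] > WINDOW_S:
            q.pop(0)
        return socket.inet_ntoa(src) if len(q) >= THRESHOLD else None

def sample_fragment(src, dst, ip_id, offset, mf, dport=0):
    """Constructed header bytes for offline testing of the detector."""
    flags_off = (0x2000 if mf else 0) | (offset // 8)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ip_id, flags_off, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", 40000, dport, 16, 0)
```

Fragments that arrive before their first fragment are not counted by this sketch, so a production detector would also need to buffer or count unmatched fragments.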

For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com
