Grandstream HandyTone-488 PSTN-to-VoIP adapter is vulnerable to fragmented packet attack

Advisory Number: VIPER-2007-058
Release Date: 2007.10.24
Source: Sipera VIPER Lab
Systems Affected: GrandStream HandyTone-488 Rev:0.1
Category: Denial of Service
Severity: Medium

Overview

The Grandstream HT-488 phone adapter can be crashed by sending a flood of fragmented packets to port 5060.

Impact

Users of the Grandstream HT-488 may be subjected to a denial-of-service attack that disconnects the VoIP service provided through the HT-488.

Description

The HandyTone 488 is a next-generation Internet data, voice, fax and PSTN “all-in-one” integrated access device based on the SIP standard. It can be used to connect a PSTN phone to a VoIP service. The adapter is assigned a public IP address at which it can be reached over an IP network.

HT-488 uses port 5060 to receive messages on its public IP address. An attacker can send a flood of fragmented IP packets to the public port 5060 and crash the adapter. This causes denial of service to its users.

Solution

Grandstream HT-488 should handle fragmented packets correctly to prevent such attacks.
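
The following detector is an added example, not part of the Sipera advisory or any Grandstream code. It flags destinations that receive a high rate of IPv4 fragments belonging to UDP datagrams addressed to port 5060, the condition set out in the Description section. The window, the threshold, the function names and the constructed sample-packet helper are assumptions chosen for illustration.

```python
import socket
import struct
from collections import defaultdict

SIP_PORT, WINDOW_S, THRESHOLD = 5060, 1.0, 50  # window and threshold are assumed values

def parse_fragment(pkt):
    """Return ((src, dst, ip_id, proto), dport) for an IPv4 fragment, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    ident, flags_off = struct.unpack_from("!HH", pkt, 4)
    more, offset = bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8
    if ihl < 20 or len(pkt) < ihl or (not more and offset == 0):
        return None  # malformed header, or an unfragmented packet
    dport = None
    if pkt[9] == 17 and offset == 0 and len(pkt) >= ihl + 4:
        # Only the first fragment carries the UDP header, hence the port.
        dport = struct.unpack_from("!H", pkt, ihl + 2)[0]
    return (pkt[12:16], pkt[16:20], ident, pkt[9]), dport

def detect_fragment_floods(packets, window=WINDOW_S, threshold=THRESHOLD):
    """packets: list of (timestamp, raw IPv4 bytes). Returns {dst_ip: peak count}."""
    frags = [(ts, p) for ts, pkt in packets if (p := parse_fragment(pkt))]
    # Pass 1: datagrams whose first fragment is addressed to UDP port 5060.
    sip_keys = {key for _, (key, dport) in frags if dport == SIP_PORT}
    # Pass 2: count every fragment of those datagrams, whatever the arrival order.
    times = defaultdict(list)
    for ts, (key, _) in frags:
        if key in sip_keys:
            times[key[1]].append(ts)
    alerts = {}
    for dst, stamps in times.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[socket.inet_ntoa(dst)] = peak
    return alerts

def sample_fragment(src, dst, ident, offset, more, payload):
    """Constructed test input: IPv4/UDP fragment bytes (header checksum left at 0)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off,
                       64, 17, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload
```

Non-first fragments have no UDP header, so a filter that matches on destination port alone sees only one fragment per datagram; the detector therefore correlates fragments by source, destination, IP identification and protocol.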

For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com
