This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


Vendor Snom First view 2009-08-14
Product Snom 370 Last view 2009-08-14
Version 7.3.4 Type Hardware
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
CPE Product cpe:2.3:h:snom:snom_370

Activity : Overall

Related : CVE

  Date Alert Description
10 2009-08-14 CVE-2009-1048

The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with in the Host header.

CWE : Common Weakness Enumeration

100% (1) CWE-287 Improper Authentication

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-57 Utilizing REST's Trust in the System Resource to Register Man in the Middle
CAPEC-89 Pharming
CAPEC-94 Man in the Middle Attack
CAPEC-114 Authentication Abuse

Open Source Vulnerability Database (OSVDB)

id Description
57028 Snom VoIP Phones Crafted Host Header Authentication Bypass