FD, 3 New VOIP Vulnerabilities released

From FD,

Title: Linksys SPA-921 VoIP Desktop Phone HTTP Server DoS

Version: 1.0.0

Issues:

1.A long URL request to the phone's HTTP server will cause the phone to
reboot.
2.A long username or password in the HTTP basic auth field will cause the
phone to reboot.

Credit:
Shawn Merdinger, Independent Security Researcher

and

Title: PolyCom IP-301 VoIP Desktop Phone HTTP server DoS and undocumented
TCP port 42

Version: 1.4.1.0040

Issues:

1.Phone reboots from the Nessus http_fingerprinting_hmap.nasl script.
2.Phone reboots from a long URL sent to the HTTP daemon
3.Undocumented open port TCP/42 returns ?Halt! Who goes there?? and unique
string

telnet 192.168.1.202 42
Connected to 192.168.1.202.
Escape character is '^]'.

Halt! Who goes there?
atL{wa5=wg[U/{m=]t_{3w3urCff=1a0

Credit:
Shawn Merdinger, Independent Security Researcher

and

Title: GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP
ports and DoS

Version: 1.1.0.5

Issues:

1.The phone has multiple undocumented open UDP ports, including 5062,
5064, 5066, 9876, 26789
2.Sending large amount of ascii data via NetCat to any open UDP port,
including UDP/5060, results in the phone either rebooting or placed in a
frozen state, possibly appearing normal (display maintains text, etc.),
except the phone will not be functional.

Credit:

Shawn Merdinger, Independent Security Researcher