CVE-2004-2451

Roger Wilco 1.4.1.6 and earlier - Unauthenticated Audio Channel Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2451. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The vulnerability in Roger Wilco Server allows an attacker to transmit unauthorized UDP audio streams to a channel without authenticating via TCP. The attacker only needs knowledge of user IDs (0-127) to broadcast audio, which cannot be muted or disconnected by the server administrator.

Description

Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or earlier, allows remote attackers to send audio to arbitrary channels, aka the "Voices from the deep" bug.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Luigi Auriemma · textdosmultiple
https://www.exploit-db.com/exploits/23904

The vulnerability in Roger Wilco Server allows an attacker to transmit unauthorized UDP audio streams to a channel without authenticating via TCP. The attacker only needs knowledge of user IDs (0-127) to broadcast audio, which cannot be muted or disconnected by the server administrator.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Roger Wilco Server
No auth needed
Prerequisites: Knowledge of target channel user IDs (0-127)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15819
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-03/0352.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10025
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11270

Scores

EPSS 0.0230
EPSS Percentile 81.1%

Details

Status published
Published Dec 31, 2004
Tracked Since Feb 18, 2026