CVE-2007-4553

Thomson ST 2030 SIP Phone 1.52.1 - Denial of Service via Malformed Via Header

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-4553. PoCs published by Humberto J. Abdelnur, MADYNES.

AI-analyzed exploit summary This Perl script exploits a denial-of-service vulnerability in Thomson SpeedTouch 2030 by sending a malformed SIP INVITE message via UDP. The crafted packet causes the device to stop responding, affecting firmware version 1.52.1.

Description

The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Humberto J. Abdelnur · perldoshardware

https://www.exploit-db.com/exploits/30530

View Code ZIP pw:eip

This Perl script exploits a denial-of-service vulnerability in Thomson SpeedTouch 2030 by sending a malformed SIP INVITE message via UDP. The crafted packet causes the device to stop responding, affecting firmware version 1.52.1.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Thomson SpeedTouch 2030 firmware 1.52.1

No auth needed

Prerequisites: Network access to the target device · UDP port accessibility

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by MADYNES · perldoshardware

https://www.exploit-db.com/exploits/4319