In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.
CPE | Name | Operator | Version |
---|---|---|---|
ecos_msdk_firmware | eq | 4.9.4-p1 | |
ecos_rsdk_firmware | eq | 1.5.7-p1 |