CVE-2007-3368
Description
Buffer overflow in Polycom SoundPoint IP 601 SIP phone HTTP server allows remote denial of service via malformed CGI parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A buffer overflow exists in the HTTP server of the Polycom SoundPoint IP 601 SIP phone running BootROM version 3.0.x and later [1]. A malformed CGI parameter triggers the flaw and causes the device to reboot.
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malformed CGI parameter to the phone's HTTP server. No prior authentication or user interaction is required. The attack is network-based and can be executed from any reachable host.
Impact
Successful exploitation results in a denial of service condition, causing the device to reboot. This disrupts voice communications and renders the phone temporarily unavailable. The impact is limited to availability; no data confidentiality or integrity is compromised.
Mitigation
Polycom addressed this vulnerability in a firmware update. Users should upgrade to the latest firmware version as indicated in the release notes for SoundPoint IP SIP 2.1.1 [1]. If upgrading is not immediately possible, restricting network access to the phone's HTTP server can reduce exposure.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:h:polycom:soundpoint_ip_650:bootrom_3.0.0:*:*:*:*:*:*:*
- Range: <= BootROM 3.0.x+
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.