Snom SIP phones denial of service through HTTP

Posted by kapejod () googlemail com on Jan 12

Snom SIP phones (www.snom.com) have a built-in HTTP/HTTPS configuration
interface, which is enabled by default.

By making a single HTTP POST request, all available memory (and CPU) can be
exhausted, resulting in a reboot of the phone.
This works even if the HTTP/HTTPS interface is protected by a username and
password (the credentials are probably checked a few lines later, once
the complete request has been received).

Affected models: MP, 3XX,…
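
The ordering the post suspects (body buffered first, credentials checked afterwards) is avoided by deciding everything from the request headers before any body byte is read. The sketch below is an added example, not code from the post or from Snom firmware; the handler name, the 64 KiB cap, the 10-second timeout and the Basic-auth credentials are assumptions constructed for illustration.

```python
import base64
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 64 * 1024  # assumed cap for a configuration form
EXPECTED = base64.b64encode(b"admin:constructed-password")  # constructed credentials


def precheck(headers, max_body=MAX_BODY):
    """Return an HTTP status decided from headers only (200 = body may be read)."""
    # 1. Authenticate first: Basic credentials arrive in the headers.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not hmac.compare_digest(token.strip().encode(), EXPECTED):
        return 401
    # 2. Refuse bodies of unknown length, then bodies above the cap.
    if "chunked" in headers.get("Transfer-Encoding", "").lower():
        return 411
    raw = headers.get("Content-Length", "").strip()
    if not (raw.isascii() and raw.isdigit()):
        return 411
    if int(raw) > max_body:
        return 413
    return 200


class ConfigHandler(BaseHTTPRequestHandler):
    timeout = 10  # socket read timeout, so a stalled body cannot hold the worker

    def do_POST(self):
        status = precheck(self.headers)
        if status != 200:
            self.close_connection = True  # drop the socket, never drain the body
            self.send_response(status)
            if status == 401:
                self.send_header("WWW-Authenticate", 'Basic realm="config"')
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        body = self.rfile.read(int(self.headers["Content-Length"]))  # bounded read
        # A real handler would parse and apply the settings in `body` here.
        self.send_response(204)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), ConfigHandler).serve_forever()
```

An unauthenticated request is answered with 401 regardless of the length it declares, so the memory a client can make the server commit is bounded by the header parser rather than by the body.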
