Security Notification

IP Phone WiFi Detection Vulnerability

  • Internal Number

    BTSIN-2023-001
  • Release Data

    2023-12-15
  • Recent Updates

    2024-03-02

Detailed description

Bittel received customer reports of WiFi detection vulnerabilities in December 2023, which may allow unauthorized local applications to illegally cross boundaries and write to local WiFi services, potentially leading to service crashes, code execution, and more.

After receiving the report, Bittel's security team quickly organized an investigation and has identified that only IP with rope calls are affected by this security vulnerability. Attackers can only exploit this vulnerability during the device's network configuration phase, making the phone WiFi unavailable and affecting the product's availability; There is currently no evidence to suggest that the vulnerability was actually exploited.

Status update:
As of March 2024, Bit has released security updates for the following affected models. Please refer to the table below for more information:

Affected Models Security Update Version
HA62TSD-IP V3.20_240302 and higher versions
IP20 V3.20_240302 and higher versions
IP60 V3.20_240302 and higher versions
MODA SE V3.20_240302 and higher versions

Revision Record

First Creation: 2023-12-15

Update Date: 2024-03-02

Terms and Statements

Bittel welcomes outstanding security experts and security research teams to propose security vulnerabilities in Bittel products, jointly providing security protection for billions of Bittel users worldwide. You can learn about Bittel's vulnerability handling process and submission methods on the official Bittel website page.
Bittel does not promise any express, implied, or statutory warranties regarding the disclosed security vulnerability information, including but not limited to warranties of merchantability, applicability, and non infringement. You understand that the security vulnerability information disclosed by you is only for your reference in evaluating security risks and making security decisions. You are solely responsible for the risks and consequences of any actions based on the vulnerability information. Under no circumstances shall Bittel be liable for any losses, including direct, indirect, incidental, inevitable loss of commercial profits or special losses.