Snom has a long tradition; they started in 1997 and do just SIP. For DECT, they simply re-sell solutions from RTX. Recently, they were bought by VTech and now have to re-sell their Single-DECT product. However, the desk phone series remains Snom. Nevertheless, the number of findings and bugs in their re-sold devices raises the question of how they do their internal tests.
10.1.39.11
retested in Oct. 2019 with 10.1.42.14
retested in May 2020 with 10.1.51.12
8.9.3.96 (2018 Aug.) for Snom 710
8.9.3.88 (2018 Mar.) for Snom 720, 760
Password: | Web: not set; Phone: 0000; Web → Advanced → QoS/Security → HTTP Server; Web → Advanced → QoS/Security → Administrator Password |
HTTPS: | enabled by default; Web → Advanced → Network → Webserver Connection Type |
Update: | Web → Software Update; you can paste the URL of the latest firmware file directly. |
Trust Anchors: | firmware 10: uses the Mozilla list by default; firmware 8: Web → Certificates → Activate → Custom. The preinstalled certificates take precedence (see bugs below). |
SIP-URI User: | Web → Identity → Login → Account |
SIP-URI Host: | Web → Identity → Login → Registrar |
SIP-over-TLS: | used by default, thanks to DNS-NAPTR. To disable DNS-NAPTR, enter an Outbound Proxy like ‘tel.t-online.de;transport=tcp’. To disable DNS-NAPTR and DNS-SRV, add a port to the Registrar, like ‘tel.t-online.de:5060’. |
SDES-sRTP: | used by default; since firmware 7. Web → Identity → RTP → RTP Encryption; Web → Identity → RTP → RTP/SAVP: Off, which is RTP/AVP with crypto |
SHA-2 Digest: | ignores algorithm and picks first; therefore incompatible with Linphone |
Audio: | opus-nb is disabled by default and has issues…; amrwb is an optional feature and has issues…; aal2-g726-32 is enabled by default but has the wrong endianness. Mitigation: remove it via Web → Identity → RTP |
Wi-Fi: | no support for WPA Enterprise like PEAPv0/EAP-MSCHAPv2; only WPA Personal (WPA2-PSK) and Open |
TLS: | expired intermediate certificates block their signed trust anchor. For example, in firmware 8, GTE CyberTrust Root is included as an intermediate, for whatever reason. That blocks all chains which end in Baltimore CyberTrust Root. Mitigation: on your server, remove the intermediate to ‘Baltimore CyberTrust’ |
DiffServ: | in IPv6, both SIP and RTP are at 0 |
Audio DiffServ: | by default, 160. Mitigation: Web → (Setup) Advanced → QoS → RTP Type of Service (TOS/Diffserv): 184 |
Bugs: | Trust anchors are outdated (1024 bit, StartCom, Symantec) and cannot be overridden. The HTTPS Web interface asks for a client certificate, which fails in Web browsers if you have such a certificate installed, like all Apple Safari users. Mitigation: use a Web browser without a client certificate installed. Firmware 8: Hostname Validation is off. Mitigation: https://phoneIP/settings.htm?check_fqdn_against_server_cert=on |
Privacy: | SIP REGISTER messages contain the private IP (X-Real-IP). Mitigation: unknown. SIP INVITE messages contain the MAC (X-Serialnumber). Mitigation: unknown. The device phones home via HTTP to http://provisioning.snom.com. Mitigation: Web → Advanced → Update → Update Policy: Never update, do not load settings |
Responsible Disclosure: | via E-mail |
Firmware Update: | missing automation. Although the phones are capable of it, Snom themselves do not offer a generic firmware URL that would enable automatic updates, for whatever reason. Newsletter via E-mail |
The D710, D715, and D725 are sometimes called just 710, 715, and 725. Snom has a life-cycle and a comparison list. Therefore, the Snom 710, 720, and 760 (tested) were not fixed.
5 V 2 A, Coaxial: 5.5 mm × 2.1 mm
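
The two privacy findings in the table (X-Real-IP in REGISTER, X-Serialnumber in INVITE) can be checked on captured signalling. The following is an added example, not code from Snom or from the original page; the sample messages and the value formats of both headers are constructed assumptions.

```python
import ipaddress
import re

# Header names as reported on this page; SIP header names are case-insensitive.
LEAKY = {"x-real-ip": "private IP", "x-serialnumber": "MAC"}
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}[:-]?){5}[0-9A-Fa-f]{2}$")

def parse_sip(raw: str):
    """Return (method, [(name, value), ...]) for a SIP request; unfolds continuation lines."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    method = lines[0].split(" ", 1)[0]
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:      # folded header continuation
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return method, headers

def audit(raw: str):
    """List findings as (method, header, value, verdict) for the two headers above."""
    method, headers = parse_sip(raw)
    findings = []
    for name, value in headers:
        kind = LEAKY.get(name.lower())
        if kind == "private IP":
            try:
                ip = ipaddress.ip_address(value)
                verdict = "private address exposed" if ip.is_private else "public address"
            except ValueError:
                verdict = "unparsable value"
        elif kind == "MAC":
            verdict = "MAC address exposed" if MAC_RE.match(value) else "device identifier exposed"
        else:
            continue
        findings.append((method, name, value, verdict))
    return findings

# Constructed sample messages (not captured from a real phone).
REGISTER = ("REGISTER sip:registrar.example SIP/2.0\r\n"
            "X-Real-IP: 192.168.1.23\r\n\r\n")
INVITE = ("INVITE sip:bob@registrar.example SIP/2.0\r\n"
          "X-Serialnumber: 001122AABBCC\r\n\r\n")

if __name__ == "__main__":
    print(audit(REGISTER), audit(INVITE))
```

Run it over the requests seen at the registrar or border element to confirm whether a given phone and firmware still emit these headers.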