Vonage: Security Vulnerabilities
An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-12-05
On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.
CVSS Score
7.5
EPSS Score
0.183
Published
2017-11-20
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
CVSS Score
5.4
EPSS Score
0.001
Published
2017-11-16
The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content.
CVSS Score
10.0
EPSS Score
0.03
Published
2007-11-01
The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session.
CVSS Score
7.1
EPSS Score
0.003
Published
2007-11-01
The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access.
CVSS Score
10.0
EPSS Score
0.008
Published
2007-06-05