Vonage
Products
5- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16565 | Hig | 0.57 | 8.8 | 0.00 | Nov 6, 2017 | Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. | ||
| CVE-2017-16902 | Hig | 0.52 | 7.5 | 0.08 | Nov 20, 2017 | On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot. | ||
| CVE-2017-16563 | Hig | 0.52 | 8.0 | 0.00 | Nov 6, 2017 | Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | ||
| CVE-2017-16843 | Med | 0.38 | 5.4 | 0.01 | Nov 16, 2017 | Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. | ||
| CVE-2017-16564 | Med | 0.35 | 5.4 | 0.01 | Nov 6, 2017 | Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). | ||
| CVE-2023-47304 | 0.00 | — | 0.00 | Dec 5, 2023 | An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device. | |||
| CVE-2007-5791 | 0.00 | — | 0.04 | Nov 1, 2007 | The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone… | |||
| CVE-2007-5792 | 0.00 | — | 0.01 | Nov 1, 2007 | The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session. | |||
| CVE-2007-3047 | 0.00 | — | 0.02 | Jun 5, 2007 | The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access. |
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
- risk 0.52cvss 7.5epss 0.08
On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.
- risk 0.52cvss 8.0epss 0.00
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.
- risk 0.38cvss 5.4epss 0.01
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
- risk 0.35cvss 5.4epss 0.01
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).
- CVE-2023-47304Dec 5, 2023risk 0.00cvss —epss 0.00
An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device.
- CVE-2007-5791Nov 1, 2007risk 0.00cvss —epss 0.04
The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone…
- CVE-2007-5792Nov 1, 2007risk 0.00cvss —epss 0.01
The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session.
- CVE-2007-3047Jun 5, 2007risk 0.00cvss —epss 0.02
The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access.