VYPR
Vendor

Vonage

Products
5
CVEs
9
Across products
11
Status
Private

Products

5

Recent CVEs

9
  • CVE-2017-16565HigNov 6, 2017
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.

  • CVE-2017-16902HigNov 20, 2017
    risk 0.52cvss 7.5epss 0.08

    On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.

  • CVE-2017-16563HigNov 6, 2017
    risk 0.52cvss 8.0epss 0.00

    Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.

  • CVE-2017-16843MedNov 16, 2017
    risk 0.38cvss 5.4epss 0.01

    Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.

  • CVE-2017-16564MedNov 6, 2017
    risk 0.35cvss 5.4epss 0.01

    Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).

  • CVE-2023-47304Dec 5, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device.

  • CVE-2007-5791Nov 1, 2007
    risk 0.00cvss epss 0.04

    The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone…

  • CVE-2007-5792Nov 1, 2007
    risk 0.00cvss epss 0.01

    The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session.

  • CVE-2007-3047Jun 5, 2007
    risk 0.00cvss epss 0.02

    The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access.