Vendor
Vonage
Products
3
CVEs
5
Across products
5
Status
Private
Products
3- 2 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-16902 | Hig | 0.53 | 7.5 | 0.18 | Nov 20, 2017 | On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot. | |
| CVE-2017-16843 | Med | 0.38 | 5.4 | 0.00 | Nov 16, 2017 | Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. | |
| CVE-2007-5791 | 0.00 | — | 0.04 | Nov 1, 2007 | The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content. | ||
| CVE-2007-5792 | 0.00 | — | 0.00 | Nov 1, 2007 | The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session. | ||
| CVE-2007-3047 | 0.00 | — | 0.01 | Jun 5, 2007 | The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access. |