The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vonage | motorola_phone_adapter_vt2142-vd | * |
The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vonage | motorola_phone_adapter_vt2142-vd | * |
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vonage | vdv-23_firmware | 3.2.11-0.9.40 |
On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vonage | vdv-23_firmware | 3.2.11-0.9.40 |
An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vonage | vdv23_firmware | vdv21-3.2.11-0.5.1 |