CVE-2005-2182

Published: Jul 11, 2005Modified: Apr 16, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

Affected (1)

Products: Grandstream: Bt 100 Firmware

1 product

Bt 100 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Grandstream Bt 100 Firmware	All versions

Running on/with	Platform Versions
Grandstream Bt 100	All versions

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (8)

http://marc.info/?l=bugtraq&m=112067698624686&w=2

Source: cve@mitre.org

Mailing List

http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt

Source: cve@mitre.org

Broken LinkVendor Advisory

http://www.securitytracker.com/alerts/2005/Jul/1014407.html

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/21260

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://marc.info/?l=bugtraq&m=112067698624686&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

http://www.securitytracker.com/alerts/2005/Jul/1014407.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/21260

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.