CVE-2005-2182 Information

Description

Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID branch and tag values in a NOTIFY message to verify a subscription which allows remote attackers to spoof messages such as the \Messages waiting\ message.

Reference

http://marc.info/?l=bugtraq&m=112067698624686&w=2 http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt http://www.securitytracker.com/alerts/2005/Jul/1014407.html https://exchange.xforce.ibmcloud.com/vulnerabilities/21260