Sign up

Vonage Forum Menu

Vonage Forums
Vonage VoIP Forum
mikebrown Posted:
Hello, I think
you should consult
it with the Expert
they can surely
help you

In The Forum:
Hard Wiring - Installation
Hardwiring in a Rental House
On Jun 24, 2017 at 09:15:34

Haniltery Posted:
For wipe call
history also some
of the offline, in
gengral , it
usually apply to

In The Forum:
How to Delete call history from online account?
On May 09, 2017 at 06:14:26

diana87 Posted:
You have to use
VPN service to
and get free
access while

In The Forum:
Recent calling problem from Egypt
On May 02, 2017 at 17:28:06

dconnor Posted:
What is the main
number on the
account? And
which one is the
virtual number?

In The Forum:
Vonage UK
How do you call 999
On Apr 27, 2017 at 18:52:02

Trafford Posted:
Seems like a
question. We
rely exclusively
on a Vonage system
for our

In The Forum:
Vonage UK
How do you call 999
On Apr 27, 2017 at 10:42:50

diazou Posted:
Hello, It's
compatible with
Android your phone
? Thanks!

In The Forum:
IP PBX for small business
On Mar 28, 2017 at 12:42:33

jeddaisg Posted:
Hi all We have
a Vonage VOIP
system for our
office. Lately,
our call quality

In The Forum:
Ethernet Cable; Wiring schematic? 568-B?
On Feb 23, 2017 at 18:33:52

beast321 Posted:
I don't know if
you heard, that
many more
Dreamcast games
are opened up

In The Forum:
Fax - Tivo - Alarms
Using phone as a dial up modem for Dreamcast Gaming
On Feb 16, 2017 at 03:16:51

Av8rix Posted:
Sorry to start a
new thread on an
old topic but when
I google “Vonage
MAC address

In The Forum:
New adapter and router -- MAC change
On Jan 11, 2017 at 01:07:21

tplink Posted:
Im trying to add
my HT802 vonage
adapter to my home
network. I
currently have

In The Forum:
Hard Wiring - Installation
Vonage behind switch
On Dec 05, 2016 at 12:35:11

Vonage VoIP Forums

Vonage In The News
Vonage Expands International Presence with Investments in Asia Pacific Region

Vonage to Present at the Oppenheimer 20th Annual Technology, Internet & Communications Conference


Vonage Customer Reviews
Salt Lake City: impressions after several months
Salt Lake City: impressions after several months

Review: My First Day With Vonage, Excellent!
Review: My First Day With Vonage, Excellent!

Great Price, No Complaints
Great Price, No Complaints

You need some common sense.
You need some common sense.

Vonage Customer Review: One month with Vonage, and...
Vonage Customer Review: One month with Vonage, and...

Vonage Reviews

Post new topic   This topic is locked: you cannot edit posts or make replies.  Vonage® VoIP Forum - Vonage News, Reviews And Discussion » Vonage Forum Archive
Author Message
New Forum Member
New Forum Member

Joined: May 21, 2006
Posts: 3

PostPosted: Tue Aug 08, 2006 6:18 am    Post subject: Security Problems with RTP300 and WRTP54G routers Reply with quote Back to top

Has anyone contacted Voange about the security problems the Cisco/Linksys routers have, as reported in CNN?

My first contact with Vonage was negative. They do not seem to show any knowledge of the problem. Vonage provided us with the RTP300.

I'll keep pushing on them.

Has anyone heard of Vonage fixing the security problems with the routers they sold us?

CNN article:

Routers faulted

Another security professional showed how people can have their phone numbers hijacked when using certain types of equipment that route calls over the Internet.

The research, from Arias Hung, a security professional with Media Access Guard in Seattle, showed how to control the inner workings of Internet phone routers made by Linksys, which is owned by Cisco Systems Inc.

Once the routers are accessed, a person can change the device's so-called media access control address, which acts as a serial number that Internet phone providers such as Vonage Holdings Corp. use to verify the identity of customers.

A person exploiting the flaw could intercept calls made to a legitimate Vonage user and make calls that would appear to come from the user's phone number.

"The service providers should be very concerned," Hung said. "The general consumer should stay away from this router," he said, referring to two models that Linksys designates the WRTP54G and the RTP300.

Cisco spokeswoman Molly Ford said she could not immediately comment on Hung's research.
View user's profile Send private message
Vonage Forum MVM
Vonage Forum <b>MVM</b>

Joined: Nov 01, 2005
Posts: 2257
Location: New England

PostPosted: Tue Aug 08, 2006 7:03 am    Post subject: Reply with quote Back to top


The article is very sketchy, as are all the other articles on the issue, but it appears that they are saying that the device can be cracked when in your possession and the MAC address changed. This is true of all routers. The MAC address is stored in NVRAM, with a factory default, and if you managed to load aftermarket firmware into a WRTP54G or RTP300, you could very likely change its MAC address.

If this concerns you, you should also be aware that many cell phones can be "cloned" in a similar fashion.

Of course, in addition to the MAC address, Vonage also uses a username and password which is not provided to the end user. So, in addition to cracking the device and spoofing a MAC address, the thief would need that username and password.

The thief could get this, but only by monitoring your Internet connection and capturing packets (or by gaining access to your router, which could be physical access or remote, if you are foolish enough to enable remote administration and use a simple username/password combination, which is NOT the factory default setting).

If said thief is watching your network, they already have all of your email and any unencrypted passwords you put on web sites. Making unauthorized calls on your Vonage line might be the least of your worries then.

Then, of course, there's the fact that they'd need some form of physical access to monitor your network, or a really poorly configured router that allows detailed logging to be sent remotely (which the Linksys/Vonage routers are not even capable of).

Again, I'd love to see more details on this research, and a description of how it is done. I know how to extract the MAC address and username/password of the RTP300/WRTP54G if I had physical access to one, and I know how to alter it if I wanted to, but gaining remote access to one so I can clone it? Not in the default factory setting, and not using any method I've ever heard of even if the user opens the device up to me remotely. Admittedly I'm not the sharpest knife in the drawer, but the news media also love to make a splash with a partially-informed article here and there blown out of proportion Wink

Comcast Cable (3m down / 256k up) -> Linksys BEFCMU10 v2 (DOCSIS 1.0) -> WRT54G v4 ("Tomato" firmware) -> the rest of my network including a WRTP54G (Firmware: 5.01.04)
My Vonage Self-Help Guides:
View user's profile Send private message
Vonage Forum MVM
Vonage Forum <b>MVM</b>

Joined: Feb 05, 2005
Posts: 1424
Location: Carlsbad, CA (finally)

PostPosted: Tue Aug 08, 2006 12:58 pm    Post subject: Reply with quote Back to top

In the thread we started Sunday on this topic I address some additional specific limitations of this attack and post a link to the abstract of the presentation made by Arias Hung at DefCon.

I was not aware of the username/password settings in the routers described by NateHoy and to some extent question their existence. If there is a password in there, where did it come from? If it came from Vonage in the first place, then wouldn't impersonating another router and forcing a download of the configuration would result in obtaining that username and password.

So, I don't believe, at this time, your network would necessarily need to be monitored to have your phone number hijacked.

Stephen P. Cerruti (ISP: TWC)
View user's profile Send private message Visit poster's website Yahoo Messenger
Vonage Forum MVM
Vonage Forum <b>MVM</b>

Joined: Nov 01, 2005
Posts: 2257
Location: New England

PostPosted: Tue Aug 08, 2006 2:05 pm    Post subject: Reply with quote Back to top

I look forward to hearing more about the presentation. Since both the abstract and the (possibly sensationalized) CNN report are sketchy at best, and lacking in any detail, I can't fully analyze the threat. Plus the fact that, though I've read instructions on cracking the WRTP54G and RTP300 and I know it's not terribly hard to do, it's not something I'm ready to do with my factory device (I depend on my line, so losing it through a TOS violation is not a risk I want to take at this time). (grin)

However, a few points:

1. The MAC address that Vonage gets is not the same MAC address that is reported to, say, your ISP. MAC address spoofing is available on the GUI interface, but of course Vonage is not "fooled" by it. The MAC address also survives a factory reset, meaning it is stored "deeper" than NVRAM, which would be wiped on a factory reset.

2. While 1.00.60 is available as open source, it does not include a lot of the code, including the Vonage communication code, the wireless drivers, and a few others. Those chunks are provided as binaries that get compiled into the In order to load aftermarket firmware onto these devices, you have to make note of your Vonage SIP username and password, which are stored on the device. The reason for this (as explained on the hacker sites) is that you need to prevent the router from talking to Vonage to get new config files or firmware.

Now, given #1 and #2, it is possible that Vonage's code to load the config file is capable of reading the real MAC address off the ethernet board, and not the one in NVRAM, and since that communications code is not open-sourced, spoofing that seems like a non-trivial task.

Even if, as is likely, the username and password are downloaded from Vonage in the form of the config update, I'd have to see a lot more detail from this presentation to say this is a threat.

Perhaps that's exactly what Arias Hung has done, and if so I agree it's a threat. The cell companies have many of the same issues. Vonage will have a tough row to hoe if this is a real threat, since they can't fix it in firmware without changing the way their servers talk to the RTP300/WRTP54G devices at the same time, since leaving the communications compatible with the current firmware means the vulnerability is still there.

Another oddity, of course, is that the customer is going to notice the theft fairly soon. Vonage is pretty good about only talking to a particular account via one device/IP address, as we've seen from several people who have successfully set up 2 or more devices on a single account. If one Vonage device at one IP address is logged in to the account, the second one will drop. Now, of course, given the quality of the RTP300/WRTP54G devices, maybe someone would half expect their LINE1 light to be out a lot, and would expect to be unable to dial out frequently, but I doubt it. Wink

Comcast Cable (3m down / 256k up) -> Linksys BEFCMU10 v2 (DOCSIS 1.0) -> WRT54G v4 ("Tomato" firmware) -> the rest of my network including a WRTP54G (Firmware: 5.01.04)
My Vonage Self-Help Guides:
View user's profile Send private message
Site Admin
Site Admin

Joined: Mar 05, 2003
Posts: 2264
Location: The Beach

PostPosted: Tue Aug 08, 2006 2:09 pm    Post subject: Reply with quote Back to top

This topic is being discussed HERE

Have Questions? Need to speak to Vonage before signing up?
Call: 1-888-692-8074
Both Business and Residential customers can call and speak to a Vonage Sales Rep 24 hours a day.
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

All times are GMT - 5 Hours

Vonage Service Plans

Vonage VoIP Members
Members List Members
New patsykf3
New Today 0
Yesterday 0
Total 101029

Who Is On Site
Visitors 1
Members 0
Total 1

Vonage VoIP Forum Members:
Login Here
Not a Member? You can Register Here
As a registered member you will have access to the VoIP Speed Test, Vonage Service Announcements and post comments in the
Vonage VoIP Forums

Vonage Stock Price
Last Trade: tp://">VG : Summary for Vonage Holdings Corp. - Yahoo Finance

Site Search

†AK and HI residents pay $29.95 shipping. ††Limited time offer. Valid for residents of the United States (&DC), 18 years or older, who open new accounts. Offer good while supplies last and only on new account activations. One kit per account/household. Offer cannot be combined with any other discounts, promotions or plans and is not applicable to past purchases. Good while supplies last. Allow up to 2 weeks for shipping. Other restrictions may apply.

1Unlimited calling and other services for all residential plans are based on normal residential, personal, non-commercial use. A combination of factors is used to determine abnormal use, including but not limited to: the number of unique numbers called, calls forwarded, minutes used and other factors. Subject to our Reasonable Use Policy and Terms of Service.

2Shipping and activation fees waived with 1-year agreement. An Early Termination Fee (with periodic pro-rated reductions) applies if service is terminated before the end of the first 12 months. Additional restrictions may apply. See Terms of Service for details.

HIGH SPEED INTERNET REQUIRED. †VALID FOR NEW LINES ONLY. RATES EXCLUDE INTERNET SERVICE, SURCHARGES, FEES AND TAXES. DEVICE MAY BE REFURBISHED. If you subscribe to plans with monthly minutes allotments, all call minutes placed from both from your home and registered ExtensionsTM phones will count toward your monthly minutes allotment. ExtensionsTM calls made from mobiles use airtime and may incur surcharges, depending on your mobile plan. Alarms, TTY and other systems may not be compatible. Vonage 911 service operates differently than traditional 911. See for details.

** Certain call types excluded. is not an official Vonage support website & is independently operated.
All logos and trademarks are property of their respective owners. All comments are property of their posters.
All other content is © Copyright 2002 - 2013 by 4Sight Media LLC.

Thinking of signing up for Vonage but have questions?
Business and Residential customers can call Toll Free 24 hours a day at: 1-888-692-8074
No Vonage Promotion Code or Coupon Codes are required at to receive any special,
best Vonage cheap deals, free sign up offers or discounts.

[ | | | | | ]

Vonage Forum Site Maps

Vonage | VoIP Forum | How VoIP Works | Wiring and Installation Page Two | International Rate Plans 2 | Internet Phone
Promotion | Vonage Review | VoIP | Broadband Phone | Free Month | Rebate | Vonnage | Vontage | VoIP | Phone Service
Phone | llamadas ilimitadas a Mexico | Latest News | VoIP Acronyms | Deal | Philippines Globe Phone | Site Maps

The Vonage Forum provides the Vonage sign up Best Offer Promotion Deal.
If you are considering signing up for Vonage and have found our Vonage News, Customer Reviews, Forums
& all other parts of this site useful, please use our Vonage Sign up page.

Vonage VoIP Phone Service is redefining communications by offering consumers
& small business VoIP Internet phones, an affordable alternative to traditional phone service.
The Vonage VoIP Forum Generated This Page In: 0.34 Seconds and Pages In The Last 60 Seconds
The Vonage VoIP Forum