Tobias Glemser

**Name of the Vulnerable Software and Affected Versions** Microsoft Wireless Display Adapter V2 Software **Description** A command injection issue exists due to improper user input management. **Recommendations** For Microsoft Wireless Display Adapter V2 Software, update to a version that properly manages user input to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Cisco 7940/7960 Voice over IP (VoIP) phones (affected versions not specified) Description: The issue concerns the improper validation of certain values in a NOTIFY message, which can be exploited by remote attackers to spoof messages. This could potentially allow attackers to send fake messages, such as the "Messages waiting" message. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Grandstream BudgeTone (BT) 100 (affected versions not specified) Description: The issue concerns the Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones, which do not properly validate certain values in a NOTIFY message. This allows remote attackers to spoof messages, such as the "Messages waiting" message, by manipulating the Call-ID, branch, and tag values. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.