Stored Cross-Site Scripting Vulnerability in Vonage HT802 Devices
CVE-2017-16564

5.4MEDIUM

Key Information:

Vendor
CVE Published:
6 November 2017

What is CVE-2017-16564?

A stored cross-site scripting vulnerability exists on Vonage (Grandstream) HT802 devices. This security flaw allows remote authenticated users to inject arbitrary web scripts or HTML via the DHCP vendor class ID field, potentially compromising the integrity of the device and enabling the execution of malicious code.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-16564 : Stored Cross-Site Scripting Vulnerability in Vonage HT802 Devices