VYPR

Ht802 Firmware

by Grandstream

CVEs (3)

  • CVE-2017-16565HigNov 6, 2017
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.

  • CVE-2017-16563HigNov 6, 2017
    risk 0.52cvss 8.0epss 0.00

    Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.

  • CVE-2017-16564MedNov 6, 2017
    risk 0.35cvss 5.4epss 0.01

    Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).