20 matches found
EUVD-2017-7755
Malware in sbrugna...
EUVD-2017-7756
Malware in sbrugna...
EUVD-2017-7757
Malware in sbrugna...
Vonage HT802 Cross-Site Scripting Vulnerability
The Vonage Grandstream HT802 devices is a home gateway device from Vonage USA. A cross-site scripting vulnerability exists in /cgi-bin/config2 on Vonage Grandstream HT802 devices. A remote user can exploit the vulnerability to inject arbitrary web script or HTML via the DHCP vendor class ID field...
Vonage HT802 Cross-Site Request Forgery Vulnerability
The Vonage Grandstream HT802 devices is a home gateway device from Vonage USA. A cross-site request forgery vulnerability exists in /cgi-bin/login in Vonage Grandstream HT802 devices. A remote attacker could exploit this vulnerability to log in to the target device...
Vonage HT802 Cross-Site Request Forgery Vulnerability
The Vonage Grandstream HT802 devices is a home gateway device from Vonage USA. A cross-site request forgery vulnerability exists in the Basic Settings screen on Vonage Grandstream HT802 devices. A remote attacker could exploit this vulnerability to change settings...
Cross site scripting
Stored Cross-site scripting XSS vulnerability in /cgi-bin/config2 on Vonage Grandstream HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field P148...
CVE-2017-16564
Stored Cross-site scripting XSS vulnerability in /cgi-bin/config2 on Vonage Grandstream HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field P148...
CVE-2017-16565
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
CVE-2017-16563
Cross-Site Request Forgery CSRF in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
CVE-2017-16564
Stored Cross-site scripting XSS vulnerability in /cgi-bin/config2 on Vonage Grandstream HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field P148...
CVE-2017-16565
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...
CVE-2017-16564
Stored Cross-site scripting XSS vulnerability in /cgi-bin/config2 on Vonage Grandstream HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field P148...
CVE-2017-16565
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
CVE-2017-16563
Cross-Site Request Forgery CSRF in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...
CVE-2017-16563
The CVE-2017-16563 entry documents a CSRF flaw in the Basic Settings page of Vonage (Grandstream) HT802 home gateway devices. The vulnerability allows an attacker to modify device settings via the cgi-bin/update endpoint without proper authorization, as described in the description. Connected sou...
CVE-2017-16565
CVE-2017-16565 describes a CSRF vulnerability in the Vonage (Grandstream) HT802 home gateway. An attacker can abuse CSRF on the /cgi-bin/login page to authenticate a user by using the device’s default password (123) and submit arbitrary requests. Public sources corroborate that this affects HT802...
CVE-2017-16564
Affected : Vonage (Grandstream) HT802 home gateway devices. Vulnerability : Stored Cross-Site Scripting (XSS) in /cgi-bin/config2, exploitable via the DHCP vendor class ID field (P148). Impact : remote authenticated users can inject arbitrary web script/HTML (per CVE-2017-16564). Root cause : XSS...