20 matches found
EUVD-2017-7755
Malware in sbrugna...
EUVD-2017-7757
Malware in sbrugna...
EUVD-2017-7756
Malware in sbrugna...
Vonage HT802 Cross-Site Scripting Vulnerability
The Vonage Grandstream HT802 devices is a home gateway device from Vonage USA. A cross-site scripting vulnerability exists in /cgi-bin/config2 on Vonage Grandstream HT802 devices. A remote user can exploit the vulnerability to inject arbitrary web script or HTML via the DHCP vendor class ID field...
Vonage HT802 Cross-Site Request Forgery Vulnerability
The Vonage Grandstream HT802 devices is a home gateway device from Vonage USA. A cross-site request forgery vulnerability exists in the Basic Settings screen on Vonage Grandstream HT802 devices. A remote attacker could exploit this vulnerability to change settings...
Vonage HT802 Cross-Site Request Forgery Vulnerability
The Vonage Grandstream HT802 devices is a home gateway device from Vonage USA. A cross-site request forgery vulnerability exists in /cgi-bin/login in Vonage Grandstream HT802 devices. A remote attacker could exploit this vulnerability to log in to the target device...
CVE-2017-16565
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
CVE-2017-16563
Cross-Site Request Forgery CSRF in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...
CVE-2017-16565
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
CVE-2017-16564
Stored Cross-site scripting XSS vulnerability in /cgi-bin/config2 on Vonage Grandstream HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field P148...
CVE-2017-16564
Stored Cross-site scripting XSS vulnerability in /cgi-bin/config2 on Vonage Grandstream HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field P148...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
Cross site scripting
Stored Cross-site scripting XSS vulnerability in /cgi-bin/config2 on Vonage Grandstream HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field P148...
CVE-2017-16565
CVE-2017-16565 describes a CSRF vulnerability in the Vonage (Grandstream) HT802 home gateway. An attacker can abuse CSRF on the /cgi-bin/login page to authenticate a user by using the device’s default password (123) and submit arbitrary requests. Public sources corroborate that this affects HT802...
CVE-2017-16563
The CVE-2017-16563 entry documents a CSRF flaw in the Basic Settings page of Vonage (Grandstream) HT802 home gateway devices. The vulnerability allows an attacker to modify device settings via the cgi-bin/update endpoint without proper authorization, as described in the description. Connected sou...
CVE-2017-16564
Stored Cross-site scripting XSS vulnerability in /cgi-bin/config2 on Vonage Grandstream HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field P148...
CVE-2017-16565
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
CVE-2017-16563
Cross-Site Request Forgery CSRF in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...
CVE-2017-16564
Affected : Vonage (Grandstream) HT802 home gateway devices. Vulnerability : Stored Cross-Site Scripting (XSS) in /cgi-bin/config2, exploitable via the DHCP vendor class ID field (P148). Impact : remote authenticated users can inject arbitrary web script/HTML (per CVE-2017-16564). Root cause : XSS...