CVE-2017-16564: XSS
First published: Mon Nov 06 2017(Updated: )
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Grandstream Ht802 Firmware | ||
| Grandstream Ht802 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2017-16564.
What is the severity rating of CVE-2017-16564?
CVE-2017-16564 has a severity rating of 5.4, which is considered medium.
What is the affected software?
The affected software is the Grandstream HT802 devices with the firmware version Grandstream Ht802 Firmware.
How does the vulnerability work?
The vulnerability allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field.
Is there a fix available for CVE-2017-16564?
It is recommended to update the firmware of the Grandstream HT802 devices to address this vulnerability.
- collector/nvd-index
- agent/tags
- agent/type
- agent/event
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/grandstream
- canonical/grandstream ht802 firmware
- canonical/grandstream ht802