CVE-2017-16563
https://notcve.org/view.php?id=CVE-2017-16563
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. Cross-Site Request Forgery (CSRF) en la pantalla Basic Settings en dispositivos Vonage (Grandstream) HT802 permite que atacantes modifiquen la configuración. Esto se relaciona con cgi-bin/update. • https://distributedcompute.com/2017/11/04/vonage-ht802-multiple-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-16564
https://notcve.org/view.php?id=CVE-2017-16564
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). Una vulnerabilidad de Cross-Site Scripting (XSS) persistente en /cgi-bin/config2 en dispositivos Vonage (Grandstream) HT802 permite que usuarios remotos autenticados inyecten scripts web o HTML arbitrarios mediante el campo ID de clase de proveedor DHCP (P148). • https://distributedcompute.com/2017/11/04/vonage-ht802-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •