Stored Cross-site scripting (XSS) vulnerability in Vonage (Grandstream) HT802 devices via DHCP vendor class ID field (P148) in /cgi-bin/config2

Stored Cross-site scripting (XSS) vulnerability in Vonage (Grandstream) HT802 devices via DHCP vendor class ID field (P148) in /cgi-bin/config2

CVE-2017-16564 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).

Learn more about our Web App Pen Testing.