Vulnerabilities > Grandstream > Ht802
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-06 | CVE-2017-16565 | Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. | 6.8 |
| 2017-11-06 | CVE-2017-16564 | Cross-site Scripting vulnerability in Grandstream Ht802 Firmware Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). | 3.5 |
| 2017-11-06 | CVE-2017-16563 | Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | 6.0 |