ID

VAR-201711-0061


CVE

CVE-2017-16564


TITLE

Vonage HT802 Device cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009937

DESCRIPTION

Stored cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). The Vonage (Grandstream) HT802 device contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The Vonage (Grandstream) HT802 is a home gateway device from Vonage, USA.

Trust: 2.34

sources: NVD: CVE-2017-16564 // JVNDB: JVNDB-2017-009937 // CNVD: CNVD-2017-36347 // VULHUB: VHN-107499 // VULMON: CVE-2017-16564

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-36347

AFFECTED PRODUCTS

vendor: grandstream // model: ht802 // scope: eq // version: -

Trust: 1.6

vendor: grandstream // model: ht802 // scope: - // version: -

Trust: 0.8

vendor: vonage // model: ht802 // scope: - // version: -

Trust: 0.6

sources: CNVD: CNVD-2017-36347 // JVNDB: JVNDB-2017-009937 // CNNVD: CNNVD-201711-200 // NVD: CVE-2017-16564

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16564
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-16564
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-36347
value: LOW

Trust: 0.6

CNNVD: CNNVD-201711-200
value: LOW

Trust: 0.6

VULHUB: VHN-107499
value: LOW

Trust: 0.1

VULMON: CVE-2017-16564
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-16564
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-36347
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-107499
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-16564
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-36347 // VULHUB: VHN-107499 // VULMON: CVE-2017-16564 // JVNDB: JVNDB-2017-009937 // CNNVD: CNNVD-201711-200 // NVD: CVE-2017-16564

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-107499 // JVNDB: JVNDB-2017-009937 // NVD: CVE-2017-16564

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-200

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201711-200

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009937

PATCH

title: Top Page // url: http://www.grandstream.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-009937

EXTERNAL IDS

db: NVD // id: CVE-2017-16564

Trust: 3.2

db: JVNDB // id: JVNDB-2017-009937

Trust: 0.8

db: CNNVD // id: CNNVD-201711-200

Trust: 0.7

db: CNVD // id: CNVD-2017-36347

Trust: 0.6

db: VULHUB // id: VHN-107499

Trust: 0.1

db: VULMON // id: CVE-2017-16564

Trust: 0.1

sources: CNVD: CNVD-2017-36347 // VULHUB: VHN-107499 // VULMON: CVE-2017-16564 // JVNDB: JVNDB-2017-009937 // CNNVD: CNNVD-201711-200 // NVD: CVE-2017-16564

REFERENCES

url:https://distributedcompute.com/2017/11/04/vonage-ht802-multiple-vulnerabilities/

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2017-16564

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16564

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2017-36347 // VULHUB: VHN-107499 // VULMON: CVE-2017-16564 // JVNDB: JVNDB-2017-009937 // CNNVD: CNNVD-201711-200 // NVD: CVE-2017-16564

SOURCES

db: CNVD // id: CNVD-2017-36347
db: VULHUB // id: VHN-107499
db: VULMON // id: CVE-2017-16564
db: JVNDB // id: JVNDB-2017-009937
db: CNNVD // id: CNNVD-201711-200
db: NVD // id: CVE-2017-16564

LAST UPDATE DATE

2025-04-20T23:22:09.427000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-36347 // date: 2017-12-06T00:00:00
db: VULHUB // id: VHN-107499 // date: 2017-11-27T00:00:00
db: VULMON // id: CVE-2017-16564 // date: 2017-11-27T00:00:00
db: JVNDB // id: JVNDB-2017-009937 // date: 2017-11-29T00:00:00
db: CNNVD // id: CNNVD-201711-200 // date: 2017-11-08T00:00:00
db: NVD // id: CVE-2017-16564 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2017-36347 // date: 2017-12-06T00:00:00
db: VULHUB // id: VHN-107499 // date: 2017-11-06T00:00:00
db: VULMON // id: CVE-2017-16564 // date: 2017-11-06T00:00:00
db: JVNDB // id: JVNDB-2017-009937 // date: 2017-11-29T00:00:00
db: CNNVD // id: CNNVD-201711-200 // date: 2017-11-08T00:00:00
db: NVD // id: CVE-2017-16564 // date: 2017-11-06T08:29:00.283