CVE-2017-16563

Name of the Vulnerable Software and Affected Versions Vonage (Grandstream) HT802 devices (affected versions not specified)

Description The issue concerns a Cross-Site Request Forgery (CSRF) in the Basic Settings screen. This allows attackers to modify settings related to the cgi-bin/update endpoint.

Recommendations For Vonage (Grandstream) HT802 devices, as a temporary workaround, consider restricting access to the cgi-bin/update endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.