# Exploit Title: Vonage Home Router – Stored Xss
# Date: 16/11/2017
# Exploit Author: Nu11By73
# Hardware Version: VDV-23: 115
# Software Version: 3.2.11-0.9.40
# CVE : CVE-2017-16843
NewKeyword Parameter:
1. Login to the router
2. Click advanced setup
3. Click parental controls
4. In the block these keywords text box enter: test”>
5. Click the add keyword button to receive the pop up.
NewDomain Parameter:
1. Login to the router
2. Click advanced setup
3. Click parental controls
4. In the block these websites text box enter: test”>
5. Click the add domain button to receive the pop up.
Proof of concept code:
NewDomain.html
Authenticated Stored CSRF/XSS - Vonage Modem