Lucene search

[email protected]CVE-2020-5761

HistoryJul 29, 2020 - 7:15 p.m.

CVE-2020-5761

2020-07-2919:15:00

CWE-835

[email protected]

web.nvd.nist.gov

cve-2020-5761

grandstream

ht800

firmware

vulnerability

tr-069

cpu exhaustion

remote attackers

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.007 Low

EPSS

Percentile

80.5%

JSON

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.

CPENameOperatorVersion
grandstream:ht801_firmwaregrandstream ht801 firmwarele1.0.17.5
grandstream:ht802_firmwaregrandstream ht802 firmwarele1.0.17.5
grandstream:ht812_firmwaregrandstream ht812 firmwarele1.0.17.5
grandstream:ht814_firmwaregrandstream ht814 firmwarele1.0.17.5
grandstream:ht818_firmwaregrandstream ht818 firmwarele1.0.17.5
grandstream:ht813_firmwaregrandstream ht813 firmwarele1.0.17.5

CPE	Name	Operator	Version
grandstream:ht801_firmware	grandstream ht801 firmware	le	1.0.17.5
grandstream:ht802_firmware	grandstream ht802 firmware	le	1.0.17.5
grandstream:ht812_firmware	grandstream ht812 firmware	le	1.0.17.5
grandstream:ht814_firmware	grandstream ht814 firmware	le	1.0.17.5
grandstream:ht818_firmware	grandstream ht818 firmware	le	1.0.17.5
grandstream:ht813_firmware	grandstream ht813 firmware	le	1.0.17.5

References

www.tenable.com/security/research/tra-2020-43

www.tenable.com/security/research/tra-2020-47

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for CVE-2020-5761

prion1 threatpost1