Lucene search

[email protected]CVE-2020-5762

HistoryJul 29, 2020 - 7:15 p.m.

CVE-2020-5762

2020-07-2919:15:00

CWE-476

[email protected]

web.nvd.nist.gov

cve-2020-5762

grandstream ht800

firmware

tr-069

denial of service

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

77.7%

JSON

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.

CPENameOperatorVersion
grandstream:ht801_firmwaregrandstream ht801 firmwarele1.0.17.5
grandstream:ht802_firmwaregrandstream ht802 firmwarele1.0.17.5
grandstream:ht812_firmwaregrandstream ht812 firmwarele1.0.17.5
grandstream:ht814_firmwaregrandstream ht814 firmwarele1.0.17.5
grandstream:ht818_firmwaregrandstream ht818 firmwarele1.0.17.5
grandstream:ht813_firmwaregrandstream ht813 firmwarele1.0.17.5

CPE	Name	Operator	Version
grandstream:ht801_firmware	grandstream ht801 firmware	le	1.0.17.5
grandstream:ht802_firmware	grandstream ht802 firmware	le	1.0.17.5
grandstream:ht812_firmware	grandstream ht812 firmware	le	1.0.17.5
grandstream:ht814_firmware	grandstream ht814 firmware	le	1.0.17.5
grandstream:ht818_firmware	grandstream ht818 firmware	le	1.0.17.5
grandstream:ht813_firmware	grandstream ht813 firmware	le	1.0.17.5

References

www.tenable.com/security/research/tra-2020-43

www.tenable.com/security/research/tra-2020-47

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

77.7%

JSON

Related for CVE-2020-5762

prion1 threatpost1