Lucene search

K

6 matches found

CVE
CVE
added 2021/10/28 12:15 p.m.53 views

CVE-2021-37748

Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full contro...

9CVSS8.8AI score0.11924EPSS
CVE
CVE
added 2020/07/29 7:15 p.m.52 views

CVE-2020-5763

Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.

9CVSS8.5AI score0.01519EPSS
CVE
CVE
added 2020/07/29 7:15 p.m.51 views

CVE-2020-5760

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.

9.3CVSS8.1AI score0.03942EPSS
CVE
CVE
added 2021/10/28 12:15 p.m.51 views

CVE-2021-37915

An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined h...

9CVSS8.5AI score0.00769EPSS
CVE
CVE
added 2020/07/29 7:15 p.m.49 views

CVE-2020-5761

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.

7.8CVSS7.5AI score0.02154EPSS
CVE
CVE
added 2020/07/29 7:15 p.m.44 views

CVE-2020-5762

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the...

7.5CVSS7.5AI score0.0137EPSS