Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Grandstream Subscribe
Filtered by product Ht801 Firmware
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-37748 1 Grandstream 2 Ht801, Ht801 Firmware 2021-11-03 9.0 HIGH 8.8 HIGH
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
CVE-2021-37915 1 Grandstream 2 Ht801, Ht801 Firmware 2021-11-02 9.0 HIGH 8.8 HIGH
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host.
CVE-2020-5763 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2020-07-31 9.0 HIGH 8.8 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
CVE-2020-5760 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2020-07-31 9.3 HIGH 7.8 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.
CVE-2020-5762 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2020-07-31 5.0 MEDIUM 7.5 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.
CVE-2020-5761 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2020-07-31 7.8 HIGH 7.5 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.