CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

28 Oct 2021 — An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host. • http://firmware.grandstream.com/BETA/Release_Note_HT80x_1.0.29.8.pdf •

CVSS: 9.0 • EPSS: 1% • CPEs: 2 • EXPL: 2

28 Oct 2021 — Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate. • https://github.com/SECFORCE/CVE-2021-37748 • CWE-787: Out-of-bounds Write •

CVSS: 9.0 • EPSS: 0% • CPEs: 12 • EXPL: 1

29 Jul 2020 — Grandstream HT800 series firmware version 1.0.17.5 and below contains a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt. • https://www.tenable.com/security/research/tra-2020-43 • CWE-326: Inadequate Encryption Strength • CWE-489: Active Debug Code •

CVSS: 7.5 • EPSS: 0% • CPEs: 12 • EXPL: 1

29 Jul 2020 — Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field. • https://www.tenable.com/security/research/tra-2020-43 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8 • EPSS: 1% • CPEs: 12 • EXPL: 1

29 Jul 2020 — Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one-character TCP message to the TR-069 service. • https://www.tenable.com/security/research/tra-2020-43 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 9.3 • EPSS: 0% • CPEs: 12 • EXPL: 1

29 Jul 2020 — Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message. • https://www.tenable.com/security/research/tra-2020-43 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •