Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ht814_firmware
(Grandstream)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-29 | CVE-2020-5760 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message. | Ht801_firmware, Ht802_firmware, Ht812_firmware, Ht813_firmware, Ht814_firmware, Ht818_firmware | 7.8 | ||
| 2020-07-29 | CVE-2020-5761 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service. | Ht801_firmware, Ht802_firmware, Ht812_firmware, Ht813_firmware, Ht814_firmware, Ht818_firmware | 7.5 | ||
| 2020-07-29 | CVE-2020-5762 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field. | Ht801_firmware, Ht802_firmware, Ht812_firmware, Ht813_firmware, Ht814_firmware, Ht818_firmware | 7.5 | ||
| 2020-07-29 | CVE-2020-5763 | Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt. | Ht801_firmware, Ht802_firmware, Ht812_firmware, Ht813_firmware, Ht814_firmware, Ht818_firmware | 8.8 |