Vulnerability Details CVE-2021-37748
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.119
EPSS Ranking 93.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/product/ht801
- https://github.com/SECFORCE/CVE-2021-37748
- https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/
- http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/product/ht801
- https://github.com/SECFORCE/CVE-2021-37748
- https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/
Products affected by CVE-2021-37748
-
cpe:2.3:h:grandstream:ht801:-
-
cpe:2.3:o:grandstream:ht801_firmware:-
-
cpe:2.3:o:grandstream:ht801_firmware:1.0.17.5