Grandstream HT802 Security Vulnerabilities
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this condition by sending a one-character TCP message to the TR-069 service.
CVSS Score: 7.5
EPSS Score: 0.022
Published: 2020-07-29
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.
CVSS Score: 7.5
EPSS Score: 0.014
Published: 2020-07-29
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
CVSS Score: 8.8
EPSS Score: 0.015
Published: 2020-07-29
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.
CVSS Score: 7.8
EPSS Score: 0.039
Published: 2020-07-29
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.
CVSS Score: 8.0
EPSS Score: 0.001
Published: 2017-11-06
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2017-11-06
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2017-11-06

