First published: Wed Jul 29 2020(Updated: )
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.
Credit: vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
Grandstream Ht801 Firmware | <=1.0.17.5 | |
Grandstream HT801 | ||
Grandstream Ht802 Firmware | <=1.0.17.5 | |
Grandstream Ht802 | ||
Grandstream Ht812 Firmware | <=1.0.17.5 | |
Grandstream Ht812 | ||
Grandstream Ht814 Firmware | <=1.0.17.5 | |
Grandstream Ht814 | ||
Grandstream Ht818 Firmware | <=1.0.17.5 | |
Grandstream Ht818 | ||
Grandstream Ht813 Firmware | <=1.0.17.5 | |
Grandstream Ht813 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Grandstream firmware vulnerability is CVE-2020-5761.
The severity level of CVE-2020-5761 is categorized as high with a severity value of 7.5.
The vulnerability in the Grandstream HT800 series firmware occurs due to an infinite loop in the TR-069 service, leading to CPU exhaustion.
An unauthenticated remote attacker can exploit CVE-2020-5761 by sending a one-character TCP message to the TR-069 service.
The Grandstream HT800 series firmware versions 1.0.17.5 and below are affected by CVE-2020-5761.