CVE-2020-5762: Null Pointer Dereference
First published: Wed Jul 29 2020(Updated: )
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Grandstream Ht801 Firmware | <=1.0.17.5 | |
| Grandstream HT801 | ||
| Grandstream Ht802 Firmware | <=1.0.17.5 | |
| Grandstream Ht802 | ||
| Grandstream Ht812 Firmware | <=1.0.17.5 | |
| Grandstream Ht812 | ||
| Grandstream Ht814 Firmware | <=1.0.17.5 | |
| Grandstream Ht814 | ||
| Grandstream Ht818 Firmware | <=1.0.17.5 | |
| Grandstream Ht818 | ||
| Grandstream Ht813 Firmware | <=1.0.17.5 | |
| Grandstream Ht813 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Grandstream firmware issue?
The vulnerability ID for this Grandstream firmware issue is CVE-2020-5762.
What is the severity of CVE-2020-5762?
The severity of CVE-2020-5762 is high with a CVSS score of 7.5.
How does the vulnerability in Grandstream HT800 series firmware version 1.0.17.5 and below manifest?
The vulnerability in Grandstream HT800 series firmware version 1.0.17.5 and below allows an unauthenticated remote attacker to launch a denial of service attack against the TR-069 service, causing it to crash.
How can an attacker exploit CVE-2020-5762?
An attacker can exploit CVE-2020-5762 by sending specially crafted requests to the TR-069 service, causing a NULL pointer dereference and crashing the service.
Is there a fix available for this vulnerability?
Yes, updating the Grandstream HT800 series firmware to version 1.0.17.6 or above will fix this vulnerability.
- collector/nvd-index
- agent/weakness
- agent/type
- vendor/grandstream
- canonical/grandstream ht801 firmware
- version/grandstream ht801 firmware/1.0.17.5
- canonical/grandstream ht801
- canonical/grandstream ht802 firmware
- version/grandstream ht802 firmware/1.0.17.5
- canonical/grandstream ht802
- canonical/grandstream ht812 firmware
- version/grandstream ht812 firmware/1.0.17.5
- canonical/grandstream ht812
- canonical/grandstream ht814 firmware
- version/grandstream ht814 firmware/1.0.17.5
- canonical/grandstream ht814
- canonical/grandstream ht818 firmware
- version/grandstream ht818 firmware/1.0.17.5
- canonical/grandstream ht818
- canonical/grandstream ht813 firmware
- version/grandstream ht813 firmware/1.0.17.5
- canonical/grandstream ht813