CVE-2020-5763: Weak Encryption
First published: Wed Jul 29 2020(Updated: )
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Grandstream Ht801 Firmware | <=1.0.17.5 | |
| Grandstream HT801 | ||
| Grandstream Ht802 Firmware | <=1.0.17.5 | |
| Grandstream Ht802 | ||
| Grandstream Ht812 Firmware | <=1.0.17.5 | |
| Grandstream Ht812 | ||
| Grandstream Ht814 Firmware | <=1.0.17.5 | |
| Grandstream Ht814 | ||
| Grandstream Ht818 Firmware | <=1.0.17.5 | |
| Grandstream Ht818 | ||
| Grandstream Ht813 Firmware | <=1.0.17.5 | |
| Grandstream Ht813 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5763?
CVE-2020-5763 is a vulnerability in the Grandstream HT800 series firmware version 1.0.17.5 and below that contains a backdoor in the SSH service, allowing an authenticated remote attacker to obtain a root shell.
How severe is CVE-2020-5763?
CVE-2020-5763 has a severity score of 8.8 (Critical).
Which software versions are affected by CVE-2020-5763?
Grandstream HT800 series firmware version 1.0.17.5 and below are affected by CVE-2020-5763.
How can an attacker exploit CVE-2020-5763?
An authenticated remote attacker can exploit CVE-2020-5763 by correctly answering a challenge prompt in the SSH service to obtain a root shell.
Are there any reference links for CVE-2020-5763?
Yes, you can find more information about CVE-2020-5763 at the following links: [Tenable Research Advisory TRA-2020-43](https://www.tenable.com/security/research/tra-2020-43) and [Tenable Research Advisory TRA-2020-47](https://www.tenable.com/security/research/tra-2020-47).
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/description
- agent/event
- vendor/grandstream
- canonical/grandstream ht801 firmware
- version/grandstream ht801 firmware/1.0.17.5
- canonical/grandstream ht801
- canonical/grandstream ht802 firmware
- version/grandstream ht802 firmware/1.0.17.5
- canonical/grandstream ht802
- canonical/grandstream ht812 firmware
- version/grandstream ht812 firmware/1.0.17.5
- canonical/grandstream ht812
- canonical/grandstream ht814 firmware
- version/grandstream ht814 firmware/1.0.17.5
- canonical/grandstream ht814
- canonical/grandstream ht818 firmware
- version/grandstream ht818 firmware/1.0.17.5
- canonical/grandstream ht818
- canonical/grandstream ht813 firmware
- version/grandstream ht813 firmware/1.0.17.5
- canonical/grandstream ht813