Vulnerabilities (CVE)

Filtered by vendor Grandstream Subscribe
Filtered by product Ht802 Firmware
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-5763 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2024-11-21 9.0 HIGH 8.8 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
CVE-2020-5762 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.
CVE-2020-5761 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2024-11-21 7.8 HIGH 7.5 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.
CVE-2020-5760 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2024-11-21 9.3 HIGH 7.8 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.
CVE-2017-16565 1 Grandstream 2 Ht802, Ht802 Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
CVE-2017-16564 1 Grandstream 2 Ht802, Ht802 Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).
CVE-2017-16563 1 Grandstream 2 Ht802, Ht802 Firmware 2024-11-21 6.0 MEDIUM 8.0 HIGH
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.