Vulnerability Description
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grandstream | Ht801 Firmware | <= 1.0.17.5 |
| Grandstream | Ht801 | - |
| Grandstream | Ht802 Firmware | <= 1.0.17.5 |
| Grandstream | Ht802 | - |
| Grandstream | Ht812 Firmware | <= 1.0.17.5 |
| Grandstream | Ht812 | - |
| Grandstream | Ht814 Firmware | <= 1.0.17.5 |
| Grandstream | Ht814 | - |
| Grandstream | Ht818 Firmware | <= 1.0.17.5 |
| Grandstream | Ht818 | - |
| Grandstream | Ht813 Firmware | <= 1.0.17.5 |
| Grandstream | Ht813 | - |
Related Weaknesses (CWE)
References
- https://www.tenable.com/security/research/tra-2020-43ExploitThird Party Advisory
- https://www.tenable.com/security/research/tra-2020-47Third Party AdvisoryVDB Entry
- https://www.tenable.com/security/research/tra-2020-43ExploitThird Party Advisory
- https://www.tenable.com/security/research/tra-2020-47Third Party AdvisoryVDB Entry
FAQ
What is CVE-2020-5760?
CVE-2020-5760 is a vulnerability with a CVSS score of 7.8 (HIGH). Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting...
How severe is CVE-2020-5760?
CVE-2020-5760 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5760?
Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Ht801 Firmware, Grandstream Ht801, Grandstream Ht802 Firmware, Grandstream Ht802, Grandstream Ht812 Firmware.