Vulnerability Description
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grandstream | Ht801 Firmware | <= 1.0.17.5 |
| Grandstream | Ht801 | - |
| Grandstream | Ht802 Firmware | <= 1.0.17.5 |
| Grandstream | Ht802 | - |
| Grandstream | Ht812 Firmware | <= 1.0.17.5 |
| Grandstream | Ht812 | - |
| Grandstream | Ht814 Firmware | <= 1.0.17.5 |
| Grandstream | Ht814 | - |
| Grandstream | Ht818 Firmware | <= 1.0.17.5 |
| Grandstream | Ht818 | - |
| Grandstream | Ht813 Firmware | <= 1.0.17.5 |
| Grandstream | Ht813 | - |
Related Weaknesses (CWE)
References
- https://www.tenable.com/security/research/tra-2020-43ExploitThird Party Advisory
- https://www.tenable.com/security/research/tra-2020-47Third Party AdvisoryVDB Entry
- https://www.tenable.com/security/research/tra-2020-43ExploitThird Party Advisory
- https://www.tenable.com/security/research/tra-2020-47Third Party AdvisoryVDB Entry
FAQ
What is CVE-2020-5761?
CVE-2020-5761 is a vulnerability with a CVSS score of 7.5 (HIGH). Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by se...
How severe is CVE-2020-5761?
CVE-2020-5761 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5761?
Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Ht801 Firmware, Grandstream Ht801, Grandstream Ht802 Firmware, Grandstream Ht802, Grandstream Ht812 Firmware.