Vulnerability Description
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grandstream | Ht801 Firmware | <= 1.0.17.5 |
| Grandstream | Ht801 | - |
| Grandstream | Ht802 Firmware | <= 1.0.17.5 |
| Grandstream | Ht802 | - |
| Grandstream | Ht812 Firmware | <= 1.0.17.5 |
| Grandstream | Ht812 | - |
| Grandstream | Ht814 Firmware | <= 1.0.17.5 |
| Grandstream | Ht814 | - |
| Grandstream | Ht818 Firmware | <= 1.0.17.5 |
| Grandstream | Ht818 | - |
| Grandstream | Ht813 Firmware | <= 1.0.17.5 |
| Grandstream | Ht813 | - |
Related Weaknesses (CWE)
References
- https://www.tenable.com/security/research/tra-2020-43ExploitThird Party Advisory
- https://www.tenable.com/security/research/tra-2020-47Third Party AdvisoryVDB Entry
- https://www.tenable.com/security/research/tra-2020-43ExploitThird Party Advisory
- https://www.tenable.com/security/research/tra-2020-47Third Party AdvisoryVDB Entry
FAQ
What is CVE-2020-5762?
CVE-2020-5762 is a vulnerability with a CVSS score of 7.5 (HIGH). Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NU...
How severe is CVE-2020-5762?
CVE-2020-5762 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5762?
Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Ht801 Firmware, Grandstream Ht801, Grandstream Ht802 Firmware, Grandstream Ht802, Grandstream Ht812 Firmware.