Vulnerability Description
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grandstream | HT801 Firmware | <= 1.0.17.5 |
| Grandstream | HT801 | - |
| Grandstream | HT802 Firmware | <= 1.0.17.5 |
| Grandstream | HT802 | - |
| Grandstream | HT812 Firmware | <= 1.0.17.5 |
| Grandstream | HT812 | - |
| Grandstream | HT814 Firmware | <= 1.0.17.5 |
| Grandstream | HT814 | - |
| Grandstream | HT818 Firmware | <= 1.0.17.5 |
| Grandstream | HT818 | - |
| Grandstream | HT813 Firmware | <= 1.0.17.5 |
| Grandstream | HT813 | - |
References
- https://www.tenable.com/security/research/tra-2020-43 (Exploit, Third Party Advisory)
- https://www.tenable.com/security/research/tra-2020-47 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2020-5763?
CVE-2020-5763 is a vulnerability with a CVSS score of 8.8 (HIGH). Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
How severe is CVE-2020-5763?
CVE-2020-5763 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5763?
Check the references section above for vendor advisories and patch information. Affected products include: Grandstream HT801 Firmware, Grandstream HT801, Grandstream HT802 Firmware, Grandstream HT802, Grandstream HT812 Firmware.