Vulnerability Description
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grandstream | Ht801 Firmware | < 1.0.29 |
| Grandstream | Ht801 | - |
Related Weaknesses (CWE)
References
- http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/ProductVendor Advisory
- https://github.com/SECFORCE/CVE-2021-37748Third Party Advisory
- https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cvExploitThird Party Advisory
- http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/ProductVendor Advisory
- https://github.com/SECFORCE/CVE-2021-37748Third Party Advisory
- https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cvExploitThird Party Advisory
FAQ
What is CVE-2021-37748?
CVE-2021-37748 is a vulnerability with a CVSS score of 8.8 (HIGH). Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a craft...
How severe is CVE-2021-37748?
CVE-2021-37748 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37748?
Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Ht801 Firmware, Grandstream Ht801.