OS Command Injection in Grandstream HT800 Series Firmware
CVE-2020-5760

7.8HIGH

Key Information:

Vendor: Grandstream
Status: Grandstream Ht800 Series
Vendor: CVE Published:; 29 July 2020

🔔 Create Grandstream Vulnerability Alert

What is CVE-2020-5760?

The Grandstream HT800 series firmware version 1.0.17.5 and earlier versions are susceptible to an OS command injection vulnerability. This flaw allows unauthenticated remote attackers to execute arbitrary commands with root privileges. Attackers can exploit this vulnerability by crafting a malicious configuration file and transmitting it through a specially formatted SIP message, leading to unauthorized access and potential system compromise.

Affected Version(s)

Grandstream HT800 Series Versions 1.0.17.5 and below

References

https://www.tenable.com/security/research/tra-2020-43

x_refsource_MISC

https://www.tenable.com/security/research/tra-2020-47

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2020
Vulnerability Reserved
Jan 6, 2020

CVE-2020-5760 Data

JSON