Remote Code Execution Flaw in Grandstream HT800 Series IP Phones
CVE-2020-5761

7.5HIGH

Key Information:

Vendor: Grandstream
Status: Grandstream Ht800 Series
Vendor: CVE Published:; 29 July 2020

🔔 Create Grandstream Vulnerability Alert

What is CVE-2020-5761?

The Grandstream HT800 series IP phones running firmware version 1.0.17.5 and earlier are susceptible to a denial of service vulnerability due to a flaw in the TR-069 service. This vulnerability allows unauthenticated remote attackers to exploit the device by sending a small, malicious TCP message, which triggers an infinite loop. This CPU exhaustion can render the device unresponsive, leading to service disruptions and potential risks in deployed environments.

Affected Version(s)

Grandstream HT800 Series Versions 1.0.17.5 and below

References

https://www.tenable.com/security/research/tra-2020-43

x_refsource_MISC

https://www.tenable.com/security/research/tra-2020-47

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2020
Vulnerability Reserved
Jan 6, 2020