CVE-2020-5761 : Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CP

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.

Published 2020-07-29 19:15:15

Updated 2020-07-31 18:08:37

Source Tenable Network Security, Inc.

View at NVD, CVE.org

Products affected by CVE-2020-5761

Grandstream » Ht802 Firmware
Versions up to, including, (<=) 1.0.17.5
cpe:2.3:o:grandstream:ht802_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Grandstream » Ht802 » Version: N/A
Grandstream » Ht801 Firmware
Versions up to, including, (<=) 1.0.17.5
cpe:2.3:o:grandstream:ht801_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Grandstream » Ht801 » Version: N/A
Grandstream » Ht812 Firmware
Versions up to, including, (<=) 1.0.17.5
cpe:2.3:o:grandstream:ht812_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Grandstream » Ht812 » Version: N/A
Grandstream » Ht814 Firmware
Versions up to, including, (<=) 1.0.17.5
cpe:2.3:o:grandstream:ht814_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Grandstream » Ht814 » Version: N/A
Grandstream » Ht818 Firmware
Versions up to, including, (<=) 1.0.17.5
cpe:2.3:o:grandstream:ht818_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Grandstream » Ht818 » Version: N/A
Grandstream » Ht813 Firmware
Versions up to, including, (<=) 1.0.17.5
cpe:2.3:o:grandstream:ht813_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Grandstream » Ht813 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-5761

EPSS FAQ

2.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 83 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-5761

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-5761

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Assigned by:
- nvd@nist.gov (Primary)
- vulnreport@tenable.com (Secondary)

References for CVE-2020-5761

https://www.tenable.com/security/research/tra-2020-43

Grandstream ATA HT800 Series Multiple Vulnerabilities - Research Advisory | Tenable®
Exploit;Third Party Advisory

CVEs referencing this url
https://www.tenable.com/security/research/tra-2020-47

Grandstream ATA HT800 Series Multiple Vulnerabilities - Research Advisory | Tenable®
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-5761

Products affected by CVE-2020-5761

Exploit prediction scoring system (EPSS) score for CVE-2020-5761

CVSS scores for CVE-2020-5761

CWE ids for CVE-2020-5761

References for CVE-2020-5761