Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ht802_firmware vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2017-16563
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows malicious users to modify settings, related to cgi-bin/update.
Grandstream Ht802 Firmware -
3.5
CVSSv2
CVE-2017-16564
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).
Grandstream Ht802 Firmware -
6.8
CVSSv2
CVE-2017-16565
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows malicious users to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
Grandstream Ht802 Firmware -
9.3
CVSSv2
CVE-2020-5760
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.
Grandstream Ht801 Firmware
Grandstream Ht802 Firmware
Grandstream Ht812 Firmware
Grandstream Ht814 Firmware
Grandstream Ht818 Firmware
Grandstream Ht813 Firmware
7.8
CVSSv2
CVE-2020-5761
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.
Grandstream Ht801 Firmware
Grandstream Ht802 Firmware
Grandstream Ht812 Firmware
Grandstream Ht814 Firmware
Grandstream Ht818 Firmware
Grandstream Ht813 Firmware
5
CVSSv2
CVE-2020-5762
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to...
Grandstream Ht801 Firmware
Grandstream Ht802 Firmware
Grandstream Ht812 Firmware
Grandstream Ht814 Firmware
Grandstream Ht818 Firmware
Grandstream Ht813 Firmware
9
CVSSv2
CVE-2020-5763
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
Grandstream Ht801 Firmware
Grandstream Ht802 Firmware
Grandstream Ht812 Firmware
Grandstream Ht814 Firmware
Grandstream Ht818 Firmware
Grandstream Ht813 Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started