Published: 29/07/2020 Updated: 31/07/2020
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Grandstream HT800 series firmware version and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.

Vulnerability Trend

Recent Articles

4 Unpatched Bugs Plague Grandstream ATAs for VoIP Users
Threatpost • Tara Seals • 31 Jul 2020

Multiple high-severity vulnerabilities in the Grandstream HT800 series of Analog Telephone Adaptors (ATAs) threaten home office and midrange users alike, with outages, eavesdropping and device takeover.
The HT800 series of ATAs is designed for everyone from home or small-office users to medium-sized businesses, looking to connect their analog telephone devices to a VoIP network, unified communications system or other IP-based communications infrastructure. According to analysis from Tenabl...