Exploits for the CVE-2021-37748 Full writeup: wwwsecforcecom/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices prior to 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
grandstream ht801_firmware |