CVE-2020-5760

HIGH

Grandstream HT800 <1.0.17.5 - Command Injection

Title source: llm

Description

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to OS command injection. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2020-43
Third Party Advisory, VDB Entry x_refsource_misc
https://www.tenable.com/security/research/tra-2020-47

Scores

CVSS v3 7.8
EPSS 0.0547
EPSS Percentile 91.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (6)
grandstream/ht801_firmware < 1.0.17.5
grandstream/ht802_firmware < 1.0.17.5
grandstream/ht812_firmware < 1.0.17.5
grandstream/ht813_firmware < 1.0.17.5
grandstream/ht814_firmware < 1.0.17.5
grandstream/ht818_firmware < 1.0.17.5
Published Jul 29, 2020
Tracked Since Feb 18, 2026