CVE-2021-37748

HIGH

Grandstream HT801 Firmware < 1.0.29 - Authenticated Buffer Overflow via manage_if Setting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-37748. PoCs published by SECFORCE.

AI-analyzed exploit summary: This repository contains functional exploit code for CVE-2021-37748, a remote stack overflow vulnerability in Grandstream HT801 ATA devices. The exploits demonstrate two attack paths (path1 and path2) via SSH and Telnet, leveraging stack-based buffer overflows to achieve remote code execution (RCE) on ARM-based systems.

Description

Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.

Exploits (1)

nomisec WORKING POC 5 stars
by SECFORCE · poc
https://github.com/SECFORCE/CVE-2021-37748

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Grandstream HT801 ATA (versions 1.0.27.2, 1.0.25.5)
Auth required
Prerequisites: Network access to the target device · Valid credentials (default: admin/admin) · SSH or Telnet access enabled
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 8.8
EPSS: 0.0729
EPSS Percentile: 93.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-787
Status: published
Products (1): grandstream/ht801_firmware < 1.0.29
Published: Oct 28, 2021
Tracked Since: Feb 18, 2026