CVE-2021-37748

HIGH

Grandstream Ht801 Firmware < 1.0.29 - Out-of-Bounds Write

Title source: rule

Description

Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.

Exploits (1)

nomisec WORKING POC 5 stars

by SECFORCE · poc

https://github.com/SECFORCE/CVE-2021-37748

View Code ZIP pw:eip

References (3)

Core 3

Core References

Product, Vendor Advisory x_refsource_misc

http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/product/ht801

Exploit, Third Party Advisory x_refsource_misc

https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/

Third Party Advisory x_refsource_misc

https://github.com/SECFORCE/CVE-2021-37748

Scores

CVSS v3 8.8

EPSS 0.1192

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (1)

grandstream/ht801_firmware < 1.0.29

Published Oct 28, 2021

Tracked Since Feb 18, 2026