Security News > 2020 > July > 4 Unpatched Bugs Plague Grandstream ATAs for VoIP Users

UPDATE. Multiple high-severity vulnerabilities in the Grandstream HT800 series of Analog Telephone Adaptors threaten home office and midrange users alike, with outages, eavesdropping and device takeover.

The HT800 series of ATAs is designed for everyone from home or small-office users to medium-sized businesses, looking to connect their analog telephone devices to a VoIP network, unified communications system or other IP-based communications infrastructure.

Grandstream HT800 series current firmware version 1.0.17.5 and below is vulnerable to all four bugs.

In the disclosure timeline, it's noted that fixes for all the bugs have at least been developed and tested with positive results both by Grandstream internally and by Tenable, as of June 22.

Grandstream has run into other cybersecurity trouble in the past; last year, a series of both unauthenticated and authenticated remote code-execution vulnerabilities were uncovered in a variety of Grandstream products for small to medium-sized businesses, including audio and video conferencing units, IP video phones, routers and IP PBXs. This post was updated at 9:15 a.m. ET to include comments from Tenable's Sebree.

News URL

https://threatpost.com/4-unpatched-bugs-grandstream-atas-voip/157927/