Vulnerabilities > CVE-2020-5761 - Infinite Loop vulnerability in Grandstream products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

grandstream

CWE-835

NVD

Published: 2020-07-29

Updated: 2020-07-31

Summary

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.

Vulnerable Configurations

Part	Description	Count
OS	Grandstream Grandstream Ht801 Firmware - Grandstream Ht801 Firmware 1.0.17.5 Grandstream Ht802 Firmware - Grandstream Ht802 Firmware 1.0.17.5 Grandstream Ht812 Firmware 1.0.17.5 Grandstream Ht814 Firmware 1.0.17.5 Grandstream Ht818 Firmware 1.0.17.5 Grandstream Ht813 Firmware 1.0.17.5	8
Hardware	Grandstream Grandstream Ht801 - Grandstream Ht802 - Grandstream Ht812 - Grandstream Ht814 - Grandstream Ht818 - Grandstream Ht813 -	6

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References