Vulnerabilities > CVE-2020-5762 - NULL Pointer Dereference vulnerability in Grandstream products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

grandstream

CWE-476

NVD

Published: 2020-07-29

Updated: 2020-07-31

Summary

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.

Vulnerable Configurations

Part	Description	Count
OS	Grandstream Grandstream Ht801 Firmware - Grandstream Ht801 Firmware 1.0.17.5 Grandstream Ht802 Firmware - Grandstream Ht802 Firmware 1.0.17.5 Grandstream Ht812 Firmware 1.0.17.5 Grandstream Ht814 Firmware 1.0.17.5 Grandstream Ht818 Firmware 1.0.17.5 Grandstream Ht813 Firmware 1.0.17.5	8
Hardware	Grandstream Grandstream Ht801 - Grandstream Ht802 - Grandstream Ht812 - Grandstream Ht814 - Grandstream Ht818 - Grandstream Ht813 -	6

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References