Vulnerabilities > CVE-2020-5762 - NULL Pointer Dereference vulnerability in Grandstream products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

grandstream

CWE-476

NVD

Published: 2020-07-29

Updated: 2020-07-31

Summary

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.

Vulnerable Configurations

Part	Description	Count
OS	Grandstream Grandstream Ht801 Firmware 1.0.17.5 Grandstream Ht802 Firmware 1.0.17.5 Grandstream Ht812 Firmware 1.0.17.5 Grandstream Ht814 Firmware 1.0.17.5 Grandstream Ht818 Firmware 1.0.17.5 Grandstream Ht813 Firmware 1.0.17.5	6
Hardware	Grandstream Grandstream Ht801 - Grandstream Ht802 - Grandstream Ht812 - Grandstream Ht814 - Grandstream Ht818 - Grandstream Ht813 -	6

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References