Vulnerabilities > CVE-2021-37748 - Out-of-bounds Write vulnerability in Grandstream Ht801 Firmware 1.0.17.5

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
grandstream
CWE-787

Summary

Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.

Vulnerable Configurations

Part Description Count
OS
Grandstream
2
Hardware
Grandstream
1

Common Weakness Enumeration (CWE)