CVE-2021-37915 - Unspecified vulnerability in Grandstream Ht801 Firmware 1.0.17.5/1.0.29
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 3 |
Hardware | | 1 |
References
- http://firmware.grandstream.com/BETA/Release_Note_HT80x_1.0.29.8.pdf
- http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/product/ht801
- https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/