Vulnerabilities > Grandstream > Ht802 Firmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-29 | CVE-2020-5763 | Inadequate Encryption Strength vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. | 8.8 |
2020-07-29 | CVE-2020-5762 | NULL Pointer Dereference vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. | 7.5 |
2020-07-29 | CVE-2020-5761 | Infinite Loop vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. | 7.5 |
2020-07-29 | CVE-2020-5760 | OS Command Injection vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. | 7.8 |
2017-11-06 | CVE-2017-16565 | Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. | 8.8 |
2017-11-06 | CVE-2017-16563 | Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | 8.0 |