Vulnerabilities > Grandstream > Ht802 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2020-07-29 CVE-2020-5763 Inadequate Encryption Strength vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service.
network
low complexity
grandstream CWE-326
8.8
2020-07-29 CVE-2020-5762 NULL Pointer Dereference vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service.
network
low complexity
grandstream CWE-476
7.5
2020-07-29 CVE-2020-5761 Infinite Loop vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service.
network
low complexity
grandstream CWE-835
7.5
2020-07-29 CVE-2020-5760 OS Command Injection vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability.
local
low complexity
grandstream CWE-78
7.8
2017-11-06 CVE-2017-16565 Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
network
low complexity
grandstream CWE-352
8.8
2017-11-06 CVE-2017-16563 Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.
network
low complexity
grandstream CWE-352
8.0