CVE-2021-37748

Опубликовано: 28 окт. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.

Ссылки

http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/product/ht801
Product
Vendor Advisory
https://github.com/SECFORCE/CVE-2021-37748
Third Party Advisory
https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/
Exploit
Third Party Advisory
http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/product/ht801
Product
Vendor Advisory
https://github.com/SECFORCE/CVE-2021-37748
Third Party Advisory
https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:grandstream:ht801_firmware:*:*:*:*:*:*:*:*

Версия до 1.0.29 (исключая)

cpe:2.3:h:grandstream:ht801:-:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.11924

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-6mx4-p8p9-328j

github

больше 3 лет назад