Skip to main content

Ht802 Firmware

7 CVEs product

Monthly

CVE-2020-5763 HIGH POC This Week

Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ht801 Firmware Ht802 Firmware Ht812 Firmware Ht814 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-5762 HIGH POC This Week

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ht801 Firmware Ht802 Firmware Ht812 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-5761 HIGH POC This Week

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ht801 Firmware Ht802 Firmware Ht812 Firmware Ht814 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-5760 HIGH POC This Week

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ht801 Firmware Ht802 Firmware Ht812 Firmware Ht814 Firmware +2
NVD
CVSS 3.1
7.8
EPSS
5.5%
CVE-2017-16565 HIGH POC This Week

Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ht802 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-16564 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ht802 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-16563 HIGH POC This Week

Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ht802 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.1%
EPSS 3% CVSS 8.8
HIGH POC This Week

Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ht801 Firmware Ht802 Firmware +4
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ht801 Firmware +5
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ht801 Firmware Ht802 Firmware +4
NVD
EPSS 5% CVSS 7.8
HIGH POC This Week

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ht801 Firmware Ht802 Firmware +4
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ht802 Firmware
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ht802 Firmware
NVD
EPSS 0% CVSS 8.0
HIGH POC This Week

Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ht802 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy