CVE-2020-5762

Summary

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.

Affected Software

VendorProductVersion RangeStatus
n/aGrandstream HT800 SeriesVersions 1.0.17.5 and belowaffected

Weaknesses

  • CWE-476: CWE-476

ADP Enrichment

CVE Program Container

Additional References

References