CVE-2021-37915
N/A
N/A
Summary
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/product/ht801
- http://firmware.grandstream.com/BETA/Release_Note_HT80x_1.0.29.8.pdf
- https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/
References
- http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/product/ht801
- http://firmware.grandstream.com/BETA/Release_Note_HT80x_1.0.29.8.pdf
- https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.