CVE-2021-37748

moderate-risk
Published 2021-10-28

Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.

Do I need to act?

!
11.9% chance of exploitation in next 30 days
EPSS score — higher than 88% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Ht801 Firmware

Affected Vendors

Grandstream

References (6)

Product http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/...
Third Party Advisory https://github.com/SECFORCE/CVE-2021-37748
Exploit https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cv...
Product http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/...
Third Party Advisory https://github.com/SECFORCE/CVE-2021-37748
Exploit https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cv...
47
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 12/34 · Low
Exposure 5/34 · Minimal