9
CVE-2020-5763
- EPSS 1.27%
- Published 29.07.2020 19:15:15
- Last modified 21.11.2024 05:34:33
- Source vulnreport@tenable.com
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
Data provided by the National Vulnerability Database (NVD)
Grandstream ≫ Ht801 Firmware Version <= 1.0.17.5
Grandstream ≫ Ht802 Firmware Version <= 1.0.17.5
Grandstream ≫ Ht812 Firmware Version <= 1.0.17.5
Grandstream ≫ Ht814 Firmware Version <= 1.0.17.5
Grandstream ≫ Ht818 Firmware Version <= 1.0.17.5
Grandstream ≫ Ht813 Firmware Version <= 1.0.17.5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.27% | 0.793 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 9 | 8 | 10 | AV:N/AC:L/Au:S/C:C/I:C/A:C |
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
CWE-489 Active Debug Code
The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.