What the vulnerability does

01Description

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.

Key dates

02Disclosure timeline

July 29, 2020 CVE published
August 4, 2024 Record updated