Multiple high-severity vulnerabilities in the Grandstream HT800 series of Analog Telephone Adaptors (ATAs) threaten home office and midrange users alike, with outages, eavesdropping and device takeover.

The HT800 series of ATAs is designed for everyone from home or small-office users to medium-sized businesses that want to connect their analog telephone devices to a VoIP network, unified communications system or other IP-based communications infrastructure. According to analysis from Tenable, the models have four worrying flaws, all of them unpatched as of this writing.

The bug tracked as CVE-2020-5760 (rating 7.8 out of 10 on the CVSS scale) could allow command injection during the provisioning process. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.

“Tenable found the HT800 series is vulnerable to command injection via the configuration file when P240 is set to 1 and P2 (password) contains shell metacharacters,” the firm said in its advisory, released this week. “Furthermore, Tenable found that an unauthenticated remote attacker could trigger this injection via a x-gs-ucm-url SIP message.”

Tenable also published a proof-of-concept exploit, which results in a root shell on the device, allowing full compromise.

Meanwhile, CVE-2020-5761 is an infinite loop problem in the TR-069 service (rated 7.5 out of 10 on the CVSS scale) that can result in CPU exhaustion. The TR-069 is a…
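For the CVE-2020-5760 condition quoted above (P240 set to 1 and shell metacharacters in P2), a provisioning server's configuration files can be audited before they reach a device. The following is an added example, not code from Tenable or Grandstream; it assumes the configuration is either XML with `<P2>`-style elements or flat `P2=value` lines, and the metacharacter set and the names `parse_pvalues` and `audit` are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: the advisory does not list which characters the firmware
# mishandles, so this is a conservative set of shell-special characters.
SHELL_META = set(";|&$`<>(){}[]!*?~#'\"\\\n\r\t ")

def parse_pvalues(text):
    """Return {'P2': value, ...} from XML (<P2>v</P2>) or flat (P2=v) text."""
    text = text.strip()
    if text.startswith("<"):
        root = ET.fromstring(text)  # entity references such as &amp; are decoded
        return {el.tag: (el.text or "") for el in root.iter()
                if re.fullmatch(r"P\d+", el.tag)}
    values = {}
    for line in text.splitlines():
        m = re.match(r"\s*(P\d+)\s*=(.*)$", line)
        if m:
            values[m.group(1)] = m.group(2).strip()
    return values

def audit(text):
    """Return findings for the P240/P2 condition described in the advisory."""
    p = parse_pvalues(text)
    bad = sorted(set(p.get("P2", "")) & SHELL_META)
    if not bad:
        return []
    if p.get("P240", "").strip() == "1":
        return [f"HIGH: P240=1 and P2 contains shell metacharacters {bad!r}"]
    return [f"WARN: P2 contains shell metacharacters {bad!r} (P240 is not 1)"]

# Constructed sample inputs; the values are harmless placeholders.
SAMPLE_XML = ("<gs_provision><config><P240>1</P240>"
              "<P2>abc;def</P2></config></gs_provision>")
SAMPLE_FLAT = "P240=0\nP2=S3curePass\nP30=pool.ntp.org\n"

if __name__ == "__main__":
    for name, sample in (("xml", SAMPLE_XML), ("flat", SAMPLE_FLAT)):
        print(name, audit(sample) or "ok")
```

A WARN result is still worth fixing, since the password becomes exploitable input as soon as P240 is switched to 1.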