CVE-2020-5763 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Affected Products (NVD)

Vendor	Product	Version
grandstream	ht801_firmware	𝑥 ≤ 1.0.17.5
grandstream	ht802_firmware	𝑥 ≤ 1.0.17.5
grandstream	ht812_firmware	𝑥 ≤ 1.0.17.5
grandstream	ht814_firmware	𝑥 ≤ 1.0.17.5
grandstream	ht818_firmware	𝑥 ≤ 1.0.17.5
grandstream	ht813_firmware	𝑥 ≤ 1.0.17.5

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-489 - Active Debug Code
The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.
CWE-326 - Inadequate Encryption Strength
The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References

https://www.tenable.com/security/research/tra-2020-43

https://www.tenable.com/security/research/tra-2020-47

https://www.tenable.com/security/research/tra-2020-43

https://www.tenable.com/security/research/tra-2020-47