PT-2021-21859 · Grandstream · Grandstream Ht801

Adam Simuntis +1 · Published 2021-10-27 · Updated 2021-11-03 · CVE-2021-37748

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Grandstream HT801 versions prior to 1.0.29

Description: The issue is related to multiple buffer overflows in the limited configuration shell (/sbin/gs_config) that allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting. This bypasses the intended restrictions of the shell, allowing full control of the device. Default weak credentials can be used to authenticate.

Recommendations: For versions prior to 1.0.29, update to version 1.0.29 or later to resolve the issue. As a temporary workaround, consider changing the default weak credentials to strong ones and restricting access to the /sbin/gs_config shell until the update can be applied.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2021-37748

Affected Products

Grandstream Ht801