CVE-2021-37915

Name of the Vulnerable Software and Affected Versions: Grandstream HT801 Analog Telephone Adaptor versions prior to 1.0.29.8

Description: An issue was discovered in the Grandstream HT801 Analog Telephone Adaptor. From the limited configuration shell, it is possible to set the malicious gdb debug server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host.

Recommendations: For versions prior to 1.0.29.8, update to version 1.0.29.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration shell to minimize the risk of exploitation. Avoid using the gdb debug server variable in the configuration until the issue is resolved.