Unauthenticated remote code execution (RCE) in the Grandstream HT802V2 and possibly other devices using g

  • Main points: The Grandstream HT802V2 uses udhcpc for DHCP. When a DHCP event occurs, udhcpc calls a script to process the received data. Option 43 (vendor-specific) is parsed by a dedicated parser. /app/bin/vendor_test_suite.sh downloads a script from a URL constructed from that data and executes it, so a malicious payload served over DHCP can be downloaded and executed. This is CVE-2021-37915. Affected devices include the HT802V2 (firmware 1.0.3.5 and older), other HT8xxV2 models, and probably the HT8xx (V1). A fix was issued in firmware 1.0.3.10, which decodes the downloaded image with prov_image_dec so that malicious scripts are not loaded.
  • Key information: udhcpc calls /usr/share/udhcpc/default.script. Option 43 is a sequence of <option_code><value_length><value> entries; sub-option code 0x05 yields gs_test_server. /app/bin/vendor_test_suite.sh downloads and executes a script. Scripts are encrypted with encfile and decrypted with corefile_dec. Firmware details of the affected devices. The fix in 1.0.3.10 uses prov_image_dec. Timeline of the report and the fix release.
  • Important details: The different versions of the affected devices. The specific changes in the fixed firmware. How DHCP can be abused to deliver the payload, and the security implications. The sequence of events from reporting the issue to obtaining the fix.
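The option 43 layout the summary describes, parsed and checked from the device side, as an added example (not code from the advisory or from Grandstream): the `<option_code><value_length><value>` TLVs are decoded, sub-option 0x05 is extracted as the gs_test_server value, and it is compared against an allowlist. The allowlist check and the sample bytes are assumptions for illustration; the vendor's actual fix is the prov_image_dec decoding described above.

```python
from typing import Dict, Optional, Set, Tuple

GS_TEST_SERVER = 0x05  # sub-option code the advisory maps to gs_test_server


def parse_option43(blob: bytes) -> Dict[int, bytes]:
    """Decode DHCP option 43 as repeated <code><length><value> entries.

    Returns {sub_option_code: value}. Raises ValueError on a truncated TLV,
    which is the case a lenient parser would otherwise read past.
    """
    out: Dict[int, bytes] = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == 0xFF:            # end marker (RFC 2132 style)
            break
        if code == 0x00:            # pad byte, no length field
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError(f"sub-option {code:#04x} has no length byte")
        length = blob[i + 1]
        value = blob[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code:#04x} is truncated")
        out[code] = value
        i += 2 + length
    return out


def check_gs_test_server(blob: bytes, allowed_hosts: Set[str]) -> Tuple[str, Optional[str]]:
    """Defender-side check (assumed policy, not the vendor's fix): only accept a
    gs_test_server value that is on an explicit allowlist.

    Returns ("absent", None), ("allowed", host) or ("rejected", host).
    """
    subs = parse_option43(blob)
    if GS_TEST_SERVER not in subs:
        return "absent", None
    host = subs[GS_TEST_SERVER].decode("ascii", errors="replace")
    return ("allowed" if host in allowed_hosts else "rejected"), host


# Constructed sample: sub-option 0x01 with two bytes of vendor data, then
# sub-option 0x05 carrying a 15-byte hostname, then the 0xFF end marker.
SAMPLE = bytes([0x01, 0x02, 0xAA, 0xBB, 0x05, 0x0F]) + b"lab.example.net" + b"\xff"
```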