Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Grandstream Subscribe
Total 50 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10662 1 Grandstream 2 Ucm6204, Ucm6204 Firmware 2023-03-01 9.0 HIGH 8.8 HIGH
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.
CVE-2019-10661 1 Grandstream 2 Gxv3611ir Hd, Gxv3611ir Hd Firmware 2023-03-01 10.0 HIGH 9.8 CRITICAL
On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password.
CVE-2019-10660 1 Grandstream 2 Gxv3611ir Hd, Gxv3611ir Hd Firmware 2023-03-01 6.5 MEDIUM 8.8 HIGH
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
CVE-2019-10658 1 Grandstream 2 Gwn7610, Gwn7610 Firmware 2023-03-01 6.5 MEDIUM 8.8 HIGH
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
CVE-2019-10659 1 Grandstream 4 Gxv3370, Gxv3370 Firmware, Wp820 and 1 more 2023-03-01 6.5 MEDIUM 8.8 HIGH
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
CVE-2019-10657 1 Grandstream 4 Gwn7000, Gwn7000 Firmware, Gwn7610 and 1 more 2023-03-01 4.0 MEDIUM 6.5 MEDIUM
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.
CVE-2019-10656 1 Grandstream 2 Gwn7000, Gwn7000 Firmware 2023-03-01 9.0 HIGH 8.8 HIGH
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.
CVE-2020-25218 1 Grandstream 14 Grp2612, Grp2612 Firmware, Grp2612p and 11 more 2022-10-05 10.0 HIGH 9.8 CRITICAL
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.
CVE-2020-25217 1 Grandstream 14 Grp2612, Grp2612 Firmware, Grp2612p and 11 more 2022-10-05 9.0 HIGH 7.2 HIGH
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
CVE-2022-2070 1 Grandstream 2 Gds3710, Gds3710 Firmware 2022-09-26 N/A 9.8 CRITICAL
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.
CVE-2022-2025 1 Grandstream 2 Gds3710, Gds3710 Firmware 2022-09-26 N/A 9.8 CRITICAL
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.
CVE-2019-10655 1 Grandstream 10 Gac2500, Gac2500 Firmware, Gvc3202 and 7 more 2022-04-18 7.5 HIGH 9.8 CRITICAL
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.
CVE-2020-5722 1 Grandstream 2 Ucm6200, Ucm6200 Firmware 2022-02-09 10.0 HIGH 9.8 CRITICAL
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.
CVE-2021-37748 1 Grandstream 2 Ht801, Ht801 Firmware 2021-11-03 9.0 HIGH 8.8 HIGH
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
CVE-2021-37915 1 Grandstream 2 Ht801, Ht801 Firmware 2021-11-02 9.0 HIGH 8.8 HIGH
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host.
CVE-2018-17564 1 Grandstream 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.
CVE-2020-5763 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2020-07-31 9.0 HIGH 8.8 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
CVE-2020-5760 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2020-07-31 9.3 HIGH 7.8 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.
CVE-2020-5762 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2020-07-31 5.0 MEDIUM 7.5 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.
CVE-2020-5761 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2020-07-31 7.8 HIGH 7.5 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.