Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Grandstream Subscribe
Filtered by product Gwn7000 Firmware
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10657 1 Grandstream 4 Gwn7000, Gwn7000 Firmware, Gwn7610 and 1 more 2023-03-01 4.0 MEDIUM 6.5 MEDIUM
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.
CVE-2019-10656 1 Grandstream 2 Gwn7000, Gwn7000 Firmware 2023-03-01 9.0 HIGH 8.8 HIGH
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.
CVE-2020-5756 1 Grandstream 2 Gwn7000, Gwn7000 Firmware 2020-07-22 9.0 HIGH 8.8 HIGH
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.