Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grandstream vulnerabilities and exploits
(subscribe to this query)
540
VMScore
CVE-2020-5724
The Grandstream UCM6200 series prior to 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
1 Metasploit module
383
VMScore
CVE-2020-5725
The Grandstream UCM6200 series prior to 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user pass...
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
578
VMScore
CVE-2019-10659
Grandstream GXV3370 prior to 1.0.1.41 and WP820 prior to 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
Grandstream Gxv3370 Firmware
Grandstream Wp820 Firmware
356
VMScore
CVE-2019-10657
Grandstream GWN7000 prior to 1.0.6.32 and GWN7610 prior to 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.
Grandstream Gwn7610 Firmware
Grandstream Gwn7000 Firmware
505
VMScore
CVE-2005-2581
Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote malicious users to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060.
Grandstream Budgetone 101
Grandstream Budgetone 102
1 EDB exploit
785
VMScore
CVE-2007-1590
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote malicious users to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest...
Grandstream Budgetone 200 1.1.1.5
Grandstream Budgetone 200 1.1.1.14
1 EDB exploit
890
VMScore
CVE-2019-10661
On Grandstream GXV3611IR_HD prior to 1.0.3.23 devices, the root account lacks a password.
Grandstream Gxv3611ir Hd Firmware
605
VMScore
CVE-2016-1518
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and previous versions for Android and Grandstream Video IP phones allows man-in-the-middle malicious users to spoof provisioning data and consequently modify device functionality, obtain sensitive information fr...
Grandstream Wave
578
VMScore
CVE-2019-10658
Grandstream GWN7610 prior to 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
Grandstream Gwn7610 Firmware
578
VMScore
CVE-2019-10660
Grandstream GXV3611IR_HD prior to 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
Grandstream Gxv3611ir Hd Firmware
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »