Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grandstream vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-5759
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
9.8
CVSSv3
CVE-2020-5757
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "N...
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
6.5
CVSSv3
CVE-2019-10657
Grandstream GWN7000 prior to 1.0.6.32 and GWN7610 prior to 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.
Grandstream Gwn7610 Firmware
Grandstream Gwn7000 Firmware
8.8
CVSSv3
CVE-2019-10659
Grandstream GXV3370 prior to 1.0.1.41 and WP820 prior to 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
Grandstream Gxv3370 Firmware
Grandstream Wp820 Firmware
NA
CVE-2005-2581
Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote malicious users to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060.
Grandstream Budgetone 101
Grandstream Budgetone 102
1 EDB exploit
NA
CVE-2007-1590
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote malicious users to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest...
Grandstream Budgetone 200 1.1.1.5
Grandstream Budgetone 200 1.1.1.14
1 EDB exploit
8.8
CVSSv3
CVE-2019-10656
Grandstream GWN7000 prior to 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.
Grandstream Gwn7000 Firmware
8.8
CVSSv3
CVE-2019-10660
Grandstream GXV3611IR_HD prior to 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
Grandstream Gxv3611ir Hd Firmware
9.8
CVSSv3
CVE-2019-10661
On Grandstream GXV3611IR_HD prior to 1.0.3.23 devices, the root account lacks a password.
Grandstream Gxv3611ir Hd Firmware
8.8
CVSSv3
CVE-2021-37748
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices prior to 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell a...
Grandstream Ht801 Firmware
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »