Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grandstream vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-5726
The Grandstream UCM6200 series prior to 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
9
CVSSv2
CVE-2020-5758
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
4
CVSSv2
CVE-2019-10657
Grandstream GWN7000 prior to 1.0.6.32 and GWN7610 prior to 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.
Grandstream Gwn7610 Firmware
Grandstream Gwn7000 Firmware
6.5
CVSSv2
CVE-2019-10659
Grandstream GXV3370 prior to 1.0.1.41 and WP820 prior to 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
Grandstream Gxv3370 Firmware
Grandstream Wp820 Firmware
5
CVSSv2
CVE-2005-2581
Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote malicious users to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060.
Grandstream Budgetone 101
Grandstream Budgetone 102
1 EDB exploit
7.8
CVSSv2
CVE-2007-1590
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote malicious users to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest...
Grandstream Budgetone 200 1.1.1.5
Grandstream Budgetone 200 1.1.1.14
1 EDB exploit
6.5
CVSSv2
CVE-2019-10658
Grandstream GWN7610 prior to 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
Grandstream Gwn7610 Firmware
9
CVSSv2
CVE-2019-10656
Grandstream GWN7000 prior to 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.
Grandstream Gwn7000 Firmware
6.5
CVSSv2
CVE-2019-10660
Grandstream GXV3611IR_HD prior to 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
Grandstream Gxv3611ir Hd Firmware
10
CVSSv2
CVE-2019-10661
On Grandstream GXV3611IR_HD prior to 1.0.3.23 devices, the root account lacks a password.
Grandstream Gxv3611ir Hd Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »