Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grandstream vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2019-10658
Grandstream GWN7610 prior to 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
Grandstream Gwn7610 Firmware
578
VMScore
CVE-2019-10663
Grandstream UCM6204 prior to 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.
Grandstream Ucm6204 Firmware
605
VMScore
CVE-2016-1518
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and previous versions for Android and Grandstream Video IP phones allows man-in-the-middle malicious users to spoof provisioning data and consequently modify device functionality, obtain sensitive information fr...
Grandstream Wave
NA
CVE-2022-2025
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an malicious user to execute a shell w...
Grandstream Gds3710 Firmware 1.0.11.13
694
VMScore
CVE-2007-5789
The Grandstream HT-488 0.1 allows remote malicious users to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.
Grandstream Ht488 0.1
NA
CVE-2022-2070
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and ...
Grandstream Gds3710 Firmware 1.0.11.13
632
VMScore
CVE-2007-5788
Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote malicious users to cause a denial of service (device crash) via a crafted SIP INVITE message.
Grandstream Ht488 0.1
445
VMScore
CVE-2005-2182
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote malicious users to spoof messages such as the "Messages waiting" message.
Grandstream Bt-100 Firmware -
694
VMScore
CVE-2006-5231
Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote malicious users to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP.
Grandstream Gxp-2000 1.1.0.5
785
VMScore
CVE-2007-4498
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote malicious users to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INV...
Grandstream Sip Phone Gxv-3000
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »