Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grandstream vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-16565
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows malicious users to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
Grandstream Ht802 Firmware -
NA
CVE-2015-2866
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware prior to 1.0.3.9 beta allows remote malicious users to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.
Grandstream Gxv3611 Hd Firmware
1 EDB exploit
8.8
CVSSv3
CVE-2021-37748
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices prior to 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell a...
Grandstream Ht801 Firmware
1 Github repository
9.8
CVSSv3
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions prior to 1.0.19.20 or inject HTML in password recovery emai...
Grandstream Ucm6200 Firmware
1 EDB exploit
1 Metasploit module
8.8
CVSSv3
CVE-2019-10656
Grandstream GWN7000 prior to 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.
Grandstream Gwn7000 Firmware
8.8
CVSSv3
CVE-2019-10658
Grandstream GWN7610 prior to 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
Grandstream Gwn7610 Firmware
8.8
CVSSv3
CVE-2019-10663
Grandstream UCM6204 prior to 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.
Grandstream Ucm6204 Firmware
8.8
CVSSv3
CVE-2020-5756
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
Grandstream Gwn7000 Firmware
8.8
CVSSv3
CVE-2019-10660
Grandstream GXV3611IR_HD prior to 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
Grandstream Gxv3611ir Hd Firmware
9.8
CVSSv3
CVE-2019-10661
On Grandstream GXV3611IR_HD prior to 1.0.3.23 devices, the root account lacks a password.
Grandstream Gxv3611ir Hd Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »