Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grandstream vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-5724
The Grandstream UCM6200 series prior to 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
1 Metasploit module
9.8
CVSSv3
CVE-2020-5759
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
6.5
CVSSv3
CVE-2019-10657
Grandstream GWN7000 prior to 1.0.6.32 and GWN7610 prior to 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.
Grandstream Gwn7610 Firmware
Grandstream Gwn7000 Firmware
8.8
CVSSv3
CVE-2019-10659
Grandstream GXV3370 prior to 1.0.1.41 and WP820 prior to 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
Grandstream Gxv3370 Firmware
Grandstream Wp820 Firmware
NA
CVE-2005-2581
Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote malicious users to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060.
Grandstream Budgetone 101
Grandstream Budgetone 102
1 EDB exploit
NA
CVE-2007-1590
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote malicious users to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest...
Grandstream Budgetone 200 1.1.1.5
Grandstream Budgetone 200 1.1.1.14
1 EDB exploit
8.8
CVSSv3
CVE-2021-37915
An issue exists on the Grandstream HT801 Analog Telephone Adaptor prior to 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attac...
Grandstream Ht801 Firmware
1 Github repository
5.9
CVSSv3
CVE-2016-1519
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and previous versions for Android does not properly validate SSL certificates, which allows man-in-the-middle malicious users to spoof the Grandstream provisioning server via a crafted certificate.
Grandstream Wave
9.8
CVSSv3
CVE-2019-10661
On Grandstream GXV3611IR_HD prior to 1.0.3.23 devices, the root account lacks a password.
Grandstream Gxv3611ir Hd Firmware
NA
CVE-2015-2866
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware prior to 1.0.3.9 beta allows remote malicious users to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.
Grandstream Gxv3611 Hd Firmware
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »