Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grandstream vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2016-1520
The Grandstream Wave app 1.0.1.26 and previous versions for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle malicious users to execute arbitrary code via a crafted application.
Grandstream Wave
7.5
CVSSv2
CVE-2015-2866
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware prior to 1.0.3.9 beta allows remote malicious users to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.
Grandstream Gxv3611 Hd Firmware
1 EDB exploit
9
CVSSv2
CVE-2019-10662
Grandstream UCM6204 prior to 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.
Grandstream Ucm6204 Firmware
1 Metasploit module
7.1
CVSSv2
CVE-2007-5788
Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote malicious users to cause a denial of service (device crash) via a crafted SIP INVITE message.
Grandstream Ht488 0.1
NA
CVE-2022-2070
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and ...
Grandstream Gds3710 Firmware 1.0.11.13
7.8
CVSSv2
CVE-2007-5789
The Grandstream HT-488 0.1 allows remote malicious users to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.
Grandstream Ht488 0.1
NA
CVE-2022-2025
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an malicious user to execute a shell w...
Grandstream Gds3710 Firmware 1.0.11.13
5
CVSSv2
CVE-2005-2182
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote malicious users to spoof messages such as the "Messages waiting" message.
Grandstream Bt-100 Firmware -
7.8
CVSSv2
CVE-2006-5231
Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote malicious users to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP.
Grandstream Gxp-2000 1.1.0.5
7.8
CVSSv2
CVE-2007-4498
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote malicious users to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INV...
Grandstream Sip Phone Gxv-3000
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »