Vulmon
Grandstream vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-5759
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
5.9
CVSSv3
CVE-2020-5725
The Grandstream UCM6200 series prior to 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user pass...
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
6.5
CVSSv3
CVE-2019-10657
Grandstream GWN7000 prior to 1.0.6.32 and GWN7610 prior to 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.
Grandstream Gwn7610 Firmware
Grandstream Gwn7000 Firmware
8.8
CVSSv3
CVE-2019-10659
Grandstream GXV3370 prior to 1.0.1.41 and WP820 prior to 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
Grandstream Gxv3370 Firmware
Grandstream Wp820 Firmware
NA
CVE-2005-2581
Grandstream BudgeTone 101 and 102, running firmware 1.0.6.7 and possibly earlier versions, allow remote malicious users to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060.
Grandstream Budgetone 101
Grandstream Budgetone 102
1 EDB exploit
NA
CVE-2007-1590
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote malicious users to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest...
Grandstream Budgetone 200 1.1.1.5
Grandstream Budgetone 200 1.1.1.14
1 EDB exploit
8
CVSSv3
CVE-2017-16563
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows malicious users to modify settings, related to cgi-bin/update.
Grandstream Ht802 Firmware -
5.4
CVSSv3
CVE-2017-16564
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).
Grandstream Ht802 Firmware -
8.8
CVSSv3
CVE-2019-10656
Grandstream GWN7000 prior to 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.
Grandstream Gwn7000 Firmware
8.8
CVSSv3
CVE-2017-16565
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows malicious users to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
Grandstream Ht802 Firmware -