Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grandstream vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-10658
Grandstream GWN7610 prior to 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
Grandstream Gwn7610 Firmware
8.8
CVSSv3
CVE-2019-10660
Grandstream GXV3611IR_HD prior to 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
Grandstream Gxv3611ir Hd Firmware
8.8
CVSSv3
CVE-2019-10663
Grandstream UCM6204 prior to 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.
Grandstream Ucm6204 Firmware
8.8
CVSSv3
CVE-2019-10662
Grandstream UCM6204 prior to 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.
Grandstream Ucm6204 Firmware
1 Metasploit module
9.8
CVSSv3
CVE-2019-10661
On Grandstream GXV3611IR_HD prior to 1.0.3.23 devices, the root account lacks a password.
Grandstream Gxv3611ir Hd Firmware
9.8
CVSSv3
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions prior to 1.0.19.20 or inject HTML in password recovery emai...
Grandstream Ucm6200 Firmware
1 EDB exploit
1 Metasploit module
8.8
CVSSv3
CVE-2020-5756
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
Grandstream Gwn7000 Firmware
5.9
CVSSv3
CVE-2016-1519
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and previous versions for Android does not properly validate SSL certificates, which allows man-in-the-middle malicious users to spoof the Grandstream provisioning server via a crafted certificate.
Grandstream Wave
7.8
CVSSv3
CVE-2016-1520
The Grandstream Wave app 1.0.1.26 and previous versions for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle malicious users to execute arbitrary code via a crafted application.
Grandstream Wave
NA
CVE-2015-2866
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware prior to 1.0.3.9 beta allows remote malicious users to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.
Grandstream Gxv3611 Hd Firmware
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »