Vulmon
grandstream vulnerabilities and exploits
VMScore: 801
CVE-2020-25217
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
Grandstream Grp2612 Firmware 1.0.3.6
Grandstream Grp2612p Firmware 1.0.3.6
Grandstream Grp2612w Firmware 1.0.3.6
Grandstream Grp2613 Firmware 1.0.3.6
Grandstream Grp2614 Firmware 1.0.3.6
Grandstream Grp2615 Firmware 1.0.3.6
Grandstream Grp2616 Firmware 1.0.3.6
VMScore: 890
CVE-2020-25218
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Authentication Bypass in its administrative web interface.
Grandstream Grp2612 Firmware 1.0.3.6
Grandstream Grp2612p Firmware 1.0.3.6
Grandstream Grp2612w Firmware 1.0.3.6
Grandstream Grp2613 Firmware 1.0.3.6
Grandstream Grp2614 Firmware 1.0.3.6
Grandstream Grp2615 Firmware 1.0.3.6
Grandstream Grp2616 Firmware 1.0.3.6
VMScore: 668
CVE-2018-17564
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows malicious users to delete configuration parameters and gain admin access to the device.
Grandstream Gxp1610 Firmware 1.0.4.128
Grandstream Gxp1615 Firmware 1.0.4.128
Grandstream Gxp1620 Firmware 1.0.4.128
Grandstream Gxp1625 Firmware 1.0.4.128
Grandstream Gxp1628 Firmware 1.0.4.128
Grandstream Gxp1630 Firmware 1.0.4.128
VMScore: 445
CVE-2018-17563
A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows malicious users to dump the device's configuration in cleartext.
Grandstream Gxp1610 Firmware 1.0.4.128
Grandstream Gxp1615 Firmware 1.0.4.128
Grandstream Gxp1620 Firmware 1.0.4.128
Grandstream Gxp1625 Firmware 1.0.4.128
Grandstream Gxp1628 Firmware 1.0.4.128
Grandstream Gxp1630 Firmware 1.0.4.128
VMScore: 890
CVE-2018-17565
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows malicious users to execute arbitrary system commands and gain a root shell.
Grandstream Gxp1610 Firmware 1.0.4.128
Grandstream Gxp1615 Firmware 1.0.4.128
Grandstream Gxp1620 Firmware 1.0.4.128
Grandstream Gxp1625 Firmware 1.0.4.128
Grandstream Gxp1628 Firmware 1.0.4.128
Grandstream Gxp1630 Firmware 1.0.4.128
VMScore: 540
CVE-2020-5723
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow a malicious user to retrieve all passwords and possibly gain elevated privileges.
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
1 Metasploit module
VMScore: 540
CVE-2020-5724
The Grandstream UCM6200 series prior to 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
1 Metasploit module
VMScore: 445
CVE-2020-5726
The Grandstream UCM6200 series prior to 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
VMScore: 890
CVE-2020-5757
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "N...
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware
VMScore: 801
CVE-2020-5758
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
Grandstream Ucm6202 Firmware
Grandstream Ucm6204 Firmware
Grandstream Ucm6208 Firmware