Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grandstream vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2021-37748
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices prior to 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell a...
Grandstream Ht801 Firmware
1 Github repository
801
VMScore
CVE-2021-37915
An issue exists on the Grandstream HT801 Analog Telephone Adaptor prior to 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attac...
Grandstream Ht801 Firmware
1 Github repository
605
VMScore
CVE-2016-1518
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and previous versions for Android and Grandstream Video IP phones allows man-in-the-middle malicious users to spoof provisioning data and consequently modify device functionality, obtain sensitive information fr...
Grandstream Wave
694
VMScore
CVE-2007-5789
The Grandstream HT-488 0.1 allows remote malicious users to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.
Grandstream Ht488 0.1
445
VMScore
CVE-2005-2182
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote malicious users to spoof messages such as the "Messages waiting" message.
Grandstream Bt-100 Firmware -
NA
CVE-2022-2025
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an malicious user to execute a shell w...
Grandstream Gds3710 Firmware 1.0.11.13
NA
CVE-2022-2070
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and ...
Grandstream Gds3710 Firmware 1.0.11.13
632
VMScore
CVE-2007-5788
Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote malicious users to cause a denial of service (device crash) via a crafted SIP INVITE message.
Grandstream Ht488 0.1
694
VMScore
CVE-2006-5231
Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote malicious users to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP.
Grandstream Gxp-2000 1.1.0.5
785
VMScore
CVE-2007-4498
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote malicious users to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INV...
Grandstream Sip Phone Gxv-3000
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »