Vulmon
grandstream vulnerabilities and exploits
8.8
CVSSv3
CVE-2019-10662
Grandstream UCM6204 prior to 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.
Grandstream Ucm6204 Firmware
1 Metasploit module
8.1
CVSSv3
CVE-2016-1518
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and previous versions for Android and Grandstream Video IP phones allows man-in-the-middle malicious users to spoof provisioning data and consequently modify device functionality, obtain sensitive information fr...
Grandstream Wave
7.8
CVSSv3
CVE-2016-1520
The Grandstream Wave app 1.0.1.26 and previous versions for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle malicious users to execute arbitrary code via a crafted application.
Grandstream Wave
9.8
CVSSv3
CVE-2022-2025
An attacker with knowledge of user/pass of Grandstream GDS3710 in its 1.0.11.13 version could overflow the stack, since it doesn't check the param length before using the strcopy instruction. The exploitation of this vulnerability may lead a malicious user to execute a shell w...
Grandstream Gds3710 Firmware 1.0.11.13
NA
CVE-2007-5789
The Grandstream HT-488 0.1 allows remote malicious users to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.
Grandstream Ht488 0.1
7.5
CVSSv3
CVE-2005-2182
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote malicious users to spoof messages such as the "Messages waiting" message.
Grandstream Bt-100 Firmware -
NA
CVE-2007-5788
Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote malicious users to cause a denial of service (device crash) via a crafted SIP INVITE message.
Grandstream Ht488 0.1
9.8
CVSSv3
CVE-2022-2070
In Grandstream GDS3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and ...
Grandstream Gds3710 Firmware 1.0.11.13
NA
CVE-2006-5231
Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote malicious users to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP.
Grandstream Gxp-2000 1.1.0.5
NA
CVE-2007-4498
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote malicious users to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INV...
Grandstream Sip Phone Gxv-3000
1 EDB exploit