Vulnerabilities (CVE)

Filtered by vendor Grandstream Subscribe
Total 50 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-2182 1 Grandstream 2 Bt-100, Bt-100 Firmware 2024-02-08 5.0 MEDIUM 7.5 HIGH
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.
CVE-2022-2025 1 Grandstream 2 Gds3710, Gds3710 Firmware 2023-12-10 N/A 9.8 CRITICAL
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.
CVE-2022-2070 1 Grandstream 2 Gds3710, Gds3710 Firmware 2023-12-10 N/A 9.8 CRITICAL
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.
CVE-2021-37915 1 Grandstream 2 Ht801, Ht801 Firmware 2023-12-10 9.0 HIGH 8.8 HIGH
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host.
CVE-2021-37748 1 Grandstream 2 Ht801, Ht801 Firmware 2023-12-10 9.0 HIGH 8.8 HIGH
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
CVE-2020-25217 1 Grandstream 14 Grp2612, Grp2612 Firmware, Grp2612p and 11 more 2023-12-10 9.0 HIGH 7.2 HIGH
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
CVE-2020-25218 1 Grandstream 14 Grp2612, Grp2612 Firmware, Grp2612p and 11 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.
CVE-2020-5739 1 Grandstream 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more 2023-12-10 9.0 HIGH 8.8 HIGH
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges.
CVE-2020-5725 1 Grandstream 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords.
CVE-2020-5761 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2023-12-10 7.8 HIGH 7.5 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.
CVE-2020-5760 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2023-12-10 9.3 HIGH 7.8 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.
CVE-2020-5762 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.
CVE-2020-5723 1 Grandstream 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.
CVE-2020-5763 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2023-12-10 9.0 HIGH 8.8 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
CVE-2020-5722 1 Grandstream 2 Ucm6200, Ucm6200 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.
CVE-2020-5758 1 Grandstream 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more 2023-12-10 9.0 HIGH 8.8 HIGH
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
CVE-2020-5756 1 Grandstream 2 Gwn7000, Gwn7000 Firmware 2023-12-10 9.0 HIGH 8.8 HIGH
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
CVE-2020-5738 1 Grandstream 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more 2023-12-10 9.0 HIGH 8.8 HIGH
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.
CVE-2020-5726 1 Grandstream 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
CVE-2020-5757 1 Grandstream 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API.