VYPR
Vendor

Grandstream

Products
47
CVEs
62
Across products
79
Status
Private

Products

47
View all 47 products →

Recent CVEs

62
View all 62 CVEs →
  • CVE-2025-12592CriNov 19, 2025
    risk 0.60cvss epss 0.00

    Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.

  • CVE-2024-0840HigApr 29, 2024
    risk 0.57cvss 8.8epss 0.01

    The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a…

  • CVE-2023-50015HigMar 9, 2024
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.

  • CVE-2017-16565HigNov 6, 2017
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.

  • CVE-2016-1518HigApr 21, 2017
    risk 0.53cvss 8.1epss 0.02

    The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs,…

  • CVE-2017-16563HigNov 6, 2017
    risk 0.52cvss 8.0epss 0.00

    Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.

  • CVE-2016-1520HigApr 21, 2017
    risk 0.51cvss 7.8epss 0.02

    The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.

  • CVE-2005-2182HigJul 11, 2005
    risk 0.49cvss 7.5epss 0.01

    Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

  • CVE-2025-40979HigSep 10, 2025
    risk 0.46cvss epss 0.00

    DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users\AppData\Local\Temp'…

  • CVE-2016-1519MedApr 21, 2017
    risk 0.38cvss 5.9epss 0.01

    The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.

  • CVE-2017-16564MedNov 6, 2017
    risk 0.35cvss 5.4epss 0.01

    Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).

  • CVE-2025-14186LowDec 7, 2025
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn_ip results in basic cross site scripting. Remote…

  • CVE-2020-5722KEVMar 23, 2020
    risk 0.22cvss epss 0.84

    The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery…

  • CVE-2019-10655Mar 30, 2019
    risk 0.09cvss epss 0.15

    Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a…

  • CVE-2020-5724Mar 30, 2020
    risk 0.08cvss epss 0.12

    The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.

  • CVE-2020-5723Mar 30, 2020
    risk 0.07cvss epss 0.06

    The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.

  • CVE-2026-2329Feb 18, 2026
    risk 0.05cvss epss 0.40

    An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The…

  • CVE-2022-2070Sep 23, 2022
    risk 0.04cvss epss 0.04

    In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting…

  • CVE-2022-2025Sep 23, 2022
    risk 0.04cvss epss 0.04

    an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full…

  • CVE-2020-5726Mar 30, 2020
    risk 0.04cvss epss 0.04

    The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.