VYPR

Vendor CVEs

Grandstream

All CVEs

62 total · sorted by risk
  • CVE-2025-12592CriNov 19, 2025
    risk 0.60cvss epss 0.00

    Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.

  • CVE-2024-0840HigApr 29, 2024
    risk 0.57cvss 8.8epss 0.01

    The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a…

  • CVE-2023-50015HigMar 9, 2024
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.

  • CVE-2017-16565HigNov 6, 2017
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.

  • CVE-2016-1518HigApr 21, 2017
    risk 0.53cvss 8.1epss 0.02

    The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs,…

  • CVE-2017-16563HigNov 6, 2017
    risk 0.52cvss 8.0epss 0.00

    Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.

  • CVE-2016-1520HigApr 21, 2017
    risk 0.51cvss 7.8epss 0.02

    The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.

  • CVE-2005-2182HigJul 11, 2005
    risk 0.49cvss 7.5epss 0.01

    Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

  • CVE-2025-40979HigSep 10, 2025
    risk 0.46cvss epss 0.00

    DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users\AppData\Local\Temp'…

  • CVE-2016-1519MedApr 21, 2017
    risk 0.38cvss 5.9epss 0.01

    The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.

  • CVE-2017-16564MedNov 6, 2017
    risk 0.35cvss 5.4epss 0.01

    Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).

  • CVE-2025-14186LowDec 7, 2025
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn_ip results in basic cross site scripting. Remote…

  • CVE-2020-5722KEVMar 23, 2020
    risk 0.22cvss epss 0.84

    The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery…

  • CVE-2019-10655Mar 30, 2019
    risk 0.09cvss epss 0.15

    Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a…

  • CVE-2020-5724Mar 30, 2020
    risk 0.08cvss epss 0.12

    The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.

  • CVE-2020-5723Mar 30, 2020
    risk 0.07cvss epss 0.06

    The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.

  • CVE-2026-2329Feb 18, 2026
    risk 0.05cvss epss 0.40

    An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The…

  • CVE-2022-2070Sep 23, 2022
    risk 0.04cvss epss 0.04

    In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting…

  • CVE-2022-2025Sep 23, 2022
    risk 0.04cvss epss 0.04

    an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full…

  • CVE-2020-5726Mar 30, 2020
    risk 0.04cvss epss 0.04

    The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.

  • CVE-2007-4498Aug 23, 2007
    risk 0.04cvss epss 0.14

    The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE…

  • CVE-2015-2866Jul 8, 2015
    risk 0.03cvss epss 0.02

    SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.

  • CVE-2013-3963Oct 1, 2013
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the…

  • CVE-2007-1590Mar 21, 2007
    risk 0.03cvss epss 0.04

    The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest…

  • CVE-2005-2581Aug 16, 2005
    risk 0.03cvss epss 0.03

    Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060.

  • CVE-2020-5757Jul 17, 2020
    risk 0.02cvss epss 0.07

    Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS…

  • CVE-2021-37748Oct 28, 2021
    risk 0.01cvss epss 0.07

    Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell…

  • CVE-2020-5759Jul 17, 2020
    risk 0.01cvss epss 0.03

    Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.

  • CVE-2019-10662Mar 30, 2019
    risk 0.01cvss epss 0.44

    Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.

  • CVE-2025-28170Jul 29, 2025
    risk 0.00cvss epss 0.00

    Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.

  • CVE-2025-28171Jul 29, 2025
    risk 0.00cvss epss 0.00

    An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.

  • CVE-2025-28172Jul 29, 2025
    risk 0.00cvss epss 0.00

    Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account…

  • CVE-2024-32937Jul 3, 2024
    risk 0.00cvss epss 0.26

    An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets…

  • CVE-2023-5747Nov 13, 2023
    risk 0.00cvss epss 0.01

    Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code.…

  • CVE-2023-1257Mar 7, 2023
    risk 0.00cvss epss 0.00

    An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the…

  • CVE-2021-37915Oct 28, 2021
    risk 0.00cvss epss 0.02

    An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from…

  • CVE-2020-25217Mar 29, 2021
    risk 0.00cvss epss 0.02

    Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.

  • CVE-2020-25218Mar 29, 2021
    risk 0.00cvss epss 0.02

    Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.

  • CVE-2020-5763Jul 29, 2020
    risk 0.00cvss epss 0.03

    Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.

  • CVE-2020-5762Jul 29, 2020
    risk 0.00cvss epss 0.03

    Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due…

  • CVE-2020-5761Jul 29, 2020
    risk 0.00cvss epss 0.04

    Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.

  • CVE-2020-5760Jul 29, 2020
    risk 0.00cvss epss 0.05

    Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.

  • CVE-2020-5758Jul 17, 2020
    risk 0.00cvss epss 0.04

    Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.

  • CVE-2020-5756Jul 17, 2020
    risk 0.00cvss epss 0.02

    Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.

  • CVE-2020-5739Apr 14, 2020
    risk 0.00cvss epss 0.05

    Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is…

  • CVE-2020-5738Apr 14, 2020
    risk 0.00cvss epss 0.05

    Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.

  • CVE-2020-5725Mar 30, 2020
    risk 0.00cvss epss 0.02

    The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords.

  • CVE-2013-3542Dec 11, 2019
    risk 0.00cvss epss 0.03

    Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers…

  • CVE-2018-17565Apr 1, 2019
    risk 0.00cvss epss 0.02

    Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.

  • CVE-2018-17564Apr 1, 2019
    risk 0.00cvss epss 0.02

    A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.

Page 1 of 2