Vendor CVEs
Grandstream
All CVEs
62 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-12592 | Cri | 0.60 | — | 0.00 | Nov 19, 2025 | Legacy Vivotek Device firmware uses default credetials for the root and user login accounts. | ||
| CVE-2024-0840 | Hig | 0.57 | 8.8 | 0.01 | Apr 29, 2024 | The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a… | ||
| CVE-2023-50015 | Hig | 0.57 | 8.8 | 0.00 | Mar 9, 2024 | An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token. | ||
| CVE-2017-16565 | Hig | 0.57 | 8.8 | 0.00 | Nov 6, 2017 | Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. | ||
| CVE-2016-1518 | Hig | 0.53 | 8.1 | 0.02 | Apr 21, 2017 | The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs,… | ||
| CVE-2017-16563 | Hig | 0.52 | 8.0 | 0.00 | Nov 6, 2017 | Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | ||
| CVE-2016-1520 | Hig | 0.51 | 7.8 | 0.02 | Apr 21, 2017 | The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application. | ||
| CVE-2005-2182 | Hig | 0.49 | 7.5 | 0.01 | Jul 11, 2005 | Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | ||
| CVE-2025-40979 | Hig | 0.46 | — | 0.00 | Sep 10, 2025 | DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users\AppData\Local\Temp'… | ||
| CVE-2016-1519 | Med | 0.38 | 5.9 | 0.01 | Apr 21, 2017 | The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate. | ||
| CVE-2017-16564 | Med | 0.35 | 5.4 | 0.01 | Nov 6, 2017 | Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). | ||
| CVE-2025-14186 | Low | 0.23 | 3.5 | 0.00 | Dec 7, 2025 | A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn_ip results in basic cross site scripting. Remote… | ||
| CVE-2020-5722 | 0.22 | — | 0.84 | KEV | Mar 23, 2020 | The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery… | ||
| CVE-2019-10655 | 0.09 | — | 0.15 | Mar 30, 2019 | Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a… | |||
| CVE-2020-5724 | 0.08 | — | 0.12 | Mar 30, 2020 | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. | |||
| CVE-2020-5723 | 0.07 | — | 0.06 | Mar 30, 2020 | The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. | |||
| CVE-2026-2329 | 0.05 | — | 0.40 | Feb 18, 2026 | An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The… | |||
| CVE-2022-2070 | 0.04 | — | 0.04 | Sep 23, 2022 | In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting… | |||
| CVE-2022-2025 | 0.04 | — | 0.04 | Sep 23, 2022 | an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full… | |||
| CVE-2020-5726 | 0.04 | — | 0.04 | Mar 30, 2020 | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. | |||
| CVE-2007-4498 | 0.04 | — | 0.14 | Aug 23, 2007 | The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE… | |||
| CVE-2015-2866 | 0.03 | — | 0.02 | Jul 8, 2015 | SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. | |||
| CVE-2013-3963 | 0.03 | — | 0.01 | Oct 1, 2013 | Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the… | |||
| CVE-2007-1590 | 0.03 | — | 0.04 | Mar 21, 2007 | The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest… | |||
| CVE-2005-2581 | 0.03 | — | 0.03 | Aug 16, 2005 | Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060. | |||
| CVE-2020-5757 | 0.02 | — | 0.07 | Jul 17, 2020 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS… | |||
| CVE-2021-37748 | 0.01 | — | 0.07 | Oct 28, 2021 | Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell… | |||
| CVE-2020-5759 | 0.01 | — | 0.03 | Jul 17, 2020 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command. | |||
| CVE-2019-10662 | 0.01 | — | 0.44 | Mar 30, 2019 | Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. | |||
| CVE-2025-28170 | 0.00 | — | 0.00 | Jul 29, 2025 | Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files. | |||
| CVE-2025-28171 | 0.00 | — | 0.00 | Jul 29, 2025 | An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi. | |||
| CVE-2025-28172 | 0.00 | — | 0.00 | Jul 29, 2025 | Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account… | |||
| CVE-2024-32937 | 0.00 | — | 0.26 | Jul 3, 2024 | An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets… | |||
| CVE-2023-5747 | 0.00 | — | 0.01 | Nov 13, 2023 | Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code.… | |||
| CVE-2023-1257 | 0.00 | — | 0.00 | Mar 7, 2023 | An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the… | |||
| CVE-2021-37915 | 0.00 | — | 0.02 | Oct 28, 2021 | An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from… | |||
| CVE-2020-25217 | 0.00 | — | 0.02 | Mar 29, 2021 | Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface. | |||
| CVE-2020-25218 | 0.00 | — | 0.02 | Mar 29, 2021 | Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface. | |||
| CVE-2020-5763 | 0.00 | — | 0.03 | Jul 29, 2020 | Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt. | |||
| CVE-2020-5762 | 0.00 | — | 0.03 | Jul 29, 2020 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due… | |||
| CVE-2020-5761 | 0.00 | — | 0.04 | Jul 29, 2020 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service. | |||
| CVE-2020-5760 | 0.00 | — | 0.05 | Jul 29, 2020 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message. | |||
| CVE-2020-5758 | 0.00 | — | 0.04 | Jul 17, 2020 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API. | |||
| CVE-2020-5756 | 0.00 | — | 0.02 | Jul 17, 2020 | Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. | |||
| CVE-2020-5739 | 0.00 | — | 0.05 | Apr 14, 2020 | Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is… | |||
| CVE-2020-5738 | 0.00 | — | 0.05 | Apr 14, 2020 | Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface. | |||
| CVE-2020-5725 | 0.00 | — | 0.02 | Mar 30, 2020 | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords. | |||
| CVE-2013-3542 | 0.00 | — | 0.03 | Dec 11, 2019 | Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers… | |||
| CVE-2018-17565 | 0.00 | — | 0.02 | Apr 1, 2019 | Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. | |||
| CVE-2018-17564 | 0.00 | — | 0.02 | Apr 1, 2019 | A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. |
- risk 0.60cvss —epss 0.00
Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.
- risk 0.57cvss 8.8epss 0.01
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a…
- risk 0.57cvss 8.8epss 0.00
An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
- risk 0.53cvss 8.1epss 0.02
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs,…
- risk 0.52cvss 8.0epss 0.00
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.
- risk 0.51cvss 7.8epss 0.02
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.
- risk 0.49cvss 7.5epss 0.01
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.
- risk 0.46cvss —epss 0.00
DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users\AppData\Local\Temp'…
- risk 0.38cvss 5.9epss 0.01
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.
- risk 0.35cvss 5.4epss 0.01
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).
- risk 0.23cvss 3.5epss 0.00
A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn_ip results in basic cross site scripting. Remote…
- risk 0.22cvss —epss 0.84
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery…
- CVE-2019-10655Mar 30, 2019risk 0.09cvss —epss 0.15
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a…
- CVE-2020-5724Mar 30, 2020risk 0.08cvss —epss 0.12
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
- CVE-2020-5723Mar 30, 2020risk 0.07cvss —epss 0.06
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.
- CVE-2026-2329Feb 18, 2026risk 0.05cvss —epss 0.40
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The…
- CVE-2022-2070Sep 23, 2022risk 0.04cvss —epss 0.04
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting…
- CVE-2022-2025Sep 23, 2022risk 0.04cvss —epss 0.04
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full…
- CVE-2020-5726Mar 30, 2020risk 0.04cvss —epss 0.04
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
- CVE-2007-4498Aug 23, 2007risk 0.04cvss —epss 0.14
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE…
- CVE-2015-2866Jul 8, 2015risk 0.03cvss —epss 0.02
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.
- CVE-2013-3963Oct 1, 2013risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the…
- CVE-2007-1590Mar 21, 2007risk 0.03cvss —epss 0.04
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest…
- CVE-2005-2581Aug 16, 2005risk 0.03cvss —epss 0.03
Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060.
- CVE-2020-5757Jul 17, 2020risk 0.02cvss —epss 0.07
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS…
- CVE-2021-37748Oct 28, 2021risk 0.01cvss —epss 0.07
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell…
- CVE-2020-5759Jul 17, 2020risk 0.01cvss —epss 0.03
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.
- CVE-2019-10662Mar 30, 2019risk 0.01cvss —epss 0.44
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.
- CVE-2025-28170Jul 29, 2025risk 0.00cvss —epss 0.00
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.
- CVE-2025-28171Jul 29, 2025risk 0.00cvss —epss 0.00
An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.
- CVE-2025-28172Jul 29, 2025risk 0.00cvss —epss 0.00
Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account…
- CVE-2024-32937Jul 3, 2024risk 0.00cvss —epss 0.26
An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets…
- CVE-2023-5747Nov 13, 2023risk 0.00cvss —epss 0.01
Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code.…
- CVE-2023-1257Mar 7, 2023risk 0.00cvss —epss 0.00
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the…
- CVE-2021-37915Oct 28, 2021risk 0.00cvss —epss 0.02
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from…
- CVE-2020-25217Mar 29, 2021risk 0.00cvss —epss 0.02
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
- CVE-2020-25218Mar 29, 2021risk 0.00cvss —epss 0.02
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.
- CVE-2020-5763Jul 29, 2020risk 0.00cvss —epss 0.03
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
- CVE-2020-5762Jul 29, 2020risk 0.00cvss —epss 0.03
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due…
- CVE-2020-5761Jul 29, 2020risk 0.00cvss —epss 0.04
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.
- CVE-2020-5760Jul 29, 2020risk 0.00cvss —epss 0.05
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.
- CVE-2020-5758Jul 17, 2020risk 0.00cvss —epss 0.04
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
- CVE-2020-5756Jul 17, 2020risk 0.00cvss —epss 0.02
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
- CVE-2020-5739Apr 14, 2020risk 0.00cvss —epss 0.05
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is…
- CVE-2020-5738Apr 14, 2020risk 0.00cvss —epss 0.05
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.
- CVE-2020-5725Mar 30, 2020risk 0.00cvss —epss 0.02
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords.
- CVE-2013-3542Dec 11, 2019risk 0.00cvss —epss 0.03
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers…
- CVE-2018-17565Apr 1, 2019risk 0.00cvss —epss 0.02
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.
- CVE-2018-17564Apr 1, 2019risk 0.00cvss —epss 0.02
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.
Page 1 of 2