Grandstream

All CVEs

62 total · sorted by risk
  • CVE-2018-17563 · Apr 1, 2019
    risk 0.00 · cvss · epss 0.01

    A malformed input string to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext.

  • CVE-2019-10663 · Mar 30, 2019
    risk 0.00 · cvss · epss 0.28

    Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.

  • CVE-2019-10661 · Mar 30, 2019
    risk 0.00 · cvss · epss 0.02

    On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password.

  • CVE-2019-10660 · Mar 30, 2019
    risk 0.00 · cvss · epss 0.03

    Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.

  • CVE-2019-10659 · Mar 30, 2019
    risk 0.00 · cvss · epss 0.03

    Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.

  • CVE-2019-10658 · Mar 30, 2019
    risk 0.00 · cvss · epss 0.03

    Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.

  • CVE-2019-10657 · Mar 30, 2019
    risk 0.00 · cvss · epss 0.01

    Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.

  • CVE-2019-10656 · Mar 30, 2019
    risk 0.00 · cvss · epss 0.04

    Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.

  • CVE-2013-3962 · Oct 1, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web…

  • CVE-2007-5789 · Nov 1, 2007
    risk 0.00 · cvss · epss 0.02

    The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.

  • CVE-2007-5788 · Nov 1, 2007
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message.

  • CVE-2006-5231 · Oct 11, 2006
    risk 0.00 · cvss · epss 0.02

    Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP.

Page 2 of 2