Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

20 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2019-2456

Malware in sbrugna...

9CVSS8.7AI score0.01569EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/05/22 5:42 p.m.4 views

CVE-2020-5756

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...

9CVSS7.8AI score0.01302EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 8:0 a.m.10 views

CVE-2019-10656

Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply updatendswebrootfromtmp API call...

9CVSS7.7AI score0.01569EPSS
Exploits0References1
CNVD
CNVDadded 2020/07/21 12:0 a.m.1 views

Grandstream GWN7000 Arbitrary OS Command Execution Vulnerability

The Grandstream GWN7000 is an enterprise-class multi-WAN Gigabit VPN router. An arbitrary OS command execution vulnerability exists in the Grandstream GWN7000 version 1.0.9.4 and earlier. The vulnerability stems from the fact that the product allows an authenticated remote user to modify the...

9CVSS7.9AI score0.01302EPSS
Exploits1References1
Prion
Prionadded 2020/07/17 9:15 p.m.12 views

Design/Logic Flaw

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...

9CVSS8.8AI score0.01302EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2020/07/17 8:16 p.m.13 views

CVE-2020-5756

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...

8.9AI score0.01302EPSS
Exploits1References1
CVE
CVEadded 2020/07/17 8:16 p.m.51 views

CVE-2020-5756

Summary: CVE-2020-5756 affects Grandstream GWN7000, with firmware version 1.0.9.4 and older. An authenticated remote user can modify the system crontab via an undocumented API, enabling execution of arbitrary OS commands on the router. This vulnerability is described across multiple sources (NVD,...

9CVSS8.8AI score0.01302EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessusadded 2019/04/08 12:0 a.m.63 views

Blind Command Injection Vulnerability in Grandstream Products

A Blind Command Injection Vulnerability exists in Grandstream devices: - The affected devices are: GWN7000 & GWN7610 - A blind command injection vulnerability exists in the 'filename' parameter. An unauthenticated, remote attacker can exploit this to bypass authentication and obtain a root shell....

9CVSS7.4AI score0.0223EPSS
Exploits0References4
CNVD
CNVDadded 2019/04/02 12:0 a.m.2 views

Grandstream GWN7000 Command Injection Vulnerability

The Grandstream GWN7000 is an enterprise-class VPN router from Grandstream. A security vulnerability exists in the Grandstream GWN7000 versions prior to 1.0.6.32. An attacker can exploit this vulnerability to execute illegal commands...

9CVSS7.1AI score0.01569EPSS
Exploits0References1
Prion
Prionadded 2019/03/30 5:29 p.m.18 views

Code injection

Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply updatendswebrootfromtmp API call...

9CVSS8.7AI score0.01569EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2019/03/30 5:29 p.m.0 views

CVE-2019-10656

Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply updatendswebrootfromtmp API call...

8.8CVSS7.6AI score
Exploits0References2
NVD
NVDadded 2019/03/30 5:29 p.m.13 views

CVE-2019-10656

Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply updatendswebrootfromtmp API call...

9CVSS8.8AI score0.01569EPSS
Exploits0References2
NVD
NVDadded 2019/03/30 5:29 p.m.15 views

CVE-2019-10657

Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...

6.5CVSS6.8AI score0.00227EPSS
Exploits0References2
OSV
OSVadded 2019/03/30 5:29 p.m.1 views

CVE-2019-10657

Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References2
Prion
Prionadded 2019/03/30 5:29 p.m.16 views

Cross site request forgery (csrf)

Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...

4CVSS6.2AI score0.00227EPSS
Exploits0References2Affected Software2
CVE
CVEadded 2019/03/30 4:42 p.m.46 views

CVE-2019-10657

Grandstream GWN7000 (pre-1.0.6.32) and GWN7610 (pre-1.0.8.18) are affected by CVE-2019-10657. Remote authenticated users can disclose passwords via a /ubus/uci.apply config request, enabling potential information disclosure. Root cause details are not fully elaborated in the provided documents. A...

6.5CVSS6.8AI score0.00227EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2019/03/30 4:42 p.m.17 views

CVE-2019-10657

Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...

7.3AI score0.00227EPSS
Exploits0References2
CVE
CVEadded 2019/03/30 4:42 p.m.47 views

CVE-2019-10656

Summary: CVE-2019-10656 affects Grandstream GWN7000 prior to 1.0.6.32. Affected component is the /ubus/uci.apply update_nds_webroot_from_tmp API call, where remote authenticated users can inject shell metacharacters in a filename to execute arbitrary code on the device. Public references across d...

9CVSS9AI score0.01569EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2019/03/30 4:42 p.m.18 views

CVE-2019-10656

Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply updatendswebrootfromtmp API call...

8.8AI score0.01569EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2019/03/30 12:0 a.m.2 views

PT-2019-11969 · Grandstream · Grandstream Gwn7000

Name of the Vulnerable Software and Affected Versions: Grandstream GWN7000 versions prior to 1.0.6.32 Description: The issue allows remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a "/ubus/uci.apply" update nds webroot from tmp API call...

9CVSS8.7AI score0.01569EPSS
Exploits0References3
Rows per page
Query Builder