24 matches found
EUVD-2016-2613
Malware in sbrugna...
EUVD-2016-2614
Malware in sbrugna...
EUVD-2016-2615
Malware in sbrugna...
CVE-2025-40979
CVE-2025-40979 describes a DLL search order hijack in Grandstream Wave’s wave.exe on Windows 11 (v1.27.8). The root cause is improper DLL loading order, allowing a locally attacker-controlled file placed in the user Temp directory (C:\Users\AppData\Local\Temp) to potentially execute arbitrary cod...
CVE-2025-40979 DLL search order hijack in Wave by Grandstream Networks
DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users\AppData\Local\Temp' directory, which could lead to...
Grandstream Wave 代码问题漏洞
Grandstream Wave is a voice software from Grandstream Corporation, USA. A code issue vulnerability exists in Grandstream Wave version 1.27.8, which stems from DLL search order hijacking and could lead to the execution of arbitrary code...
Design/Logic Flaw
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application...
CVE-2016-1519
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate...
CVE-2016-1518
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have...
CVE-2016-1518
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have...
CVE-2016-1520
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application...
Code injection
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate...
CVE-2016-1519
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate...
CVE-2016-1520
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application...
CVE-2016-1519
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate...
CVE-2016-1518
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have...
CVE-2016-1520
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application...
CVE-2016-1520
The CVE-2016-1520 issue affects the Grandstream Wave Android app (1.0.1.26 and earlier). The root cause is that update information is retrieved over HTTP instead of HTTPS, enabling a man-in-the-middle to craft updates and potentially execute arbitrary code on the device. Public details indicate t...
CVE-2016-1518
CVE-2016-1518 affects the Grandstream Wave app (Android, versions up to 1.0.1.26 and earlier) and Grandstream Video IP phones. The root cause is failure to use HTTPS when downloading provisioning/configuration data from http://fm.grandstream.com/gs/, enabling a man-in-the-middle to spoof provisio...
CVE-2016-1519
Affected software: Grandstream Wave app for Android (package com.softphone.common), versions up to and including 1.0.1.26. Vulnerability: Improper SSL certificate validation in the app’s provisioning flow. Impact: Enables MITM attackers to spoof the Grandstream provisioning server via a crafted c...