Lucene search
K

510 matches found

CVE
CVE
added 2025/07/29 12:0 a.m.26 views

CVE-2025-28172

The CVE-2025-28172 affects Grandstream Networks UCM6510 (versions 1.0.20.52 and earlier). It describes an improper restriction of excessive authentication attempts, enabling brute-force login attempts to target accounts. The cited PT-2025-31217 recommends updating to version 1.0.20.52 or later to...

6.5CVSS7AI score0.00267EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/07/29 12:0 a.m.5 views

Grandstream UCM6510 安全漏洞

The Grandstream UCM6510 is a VoIP switch from Grandstream USA. A security vulnerability exists in the Grandstream UCM6510 version 1.0.20.52 and earlier, which stems from an improperly restricted authentication attempt that could lead to a brute-force breaking attack...

6.5CVSS6.8AI score0.00267EPSS
Exploits0References3
CVE
CVE
added 2025/07/29 12:0 a.m.28 views

CVE-2025-28170

The CVE-2025-28170 entry concerns Grandstream Networks GXP1628 devices running version 1.0.4.130 or earlier. The root cause is Incorrect Access Control due to directory listing being enabled, which can permit unauthorized access to sensitive directories and files. Publicly available sources in th...

7.6CVSS6.4AI score0.0029EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/07/29 12:0 a.m.4 views

Grandstream GXP1628 安全漏洞

Grandstream GXP1628 is an IP phone from Grandstream USA. A security vulnerability exists in the Grandstream GXP1628 version 1.0.4.130 and earlier, which stems from improper access control and could lead to unauthorized access...

7.6CVSS6.6AI score0.0029EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/07/29 12:0 a.m.4 views

Grandstream UCM6510 安全漏洞

The Grandstream UCM6510 is a VoIP switch from Grandstream USA. A security vulnerability exists in the Grandstream UCM6510 version 1.0.20.52 and prior versions, which stems from a flaw in the login function that could lead to the disclosure of sensitive information...

6.5CVSS6.3AI score0.00299EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/29 12:0 a.m.8 views

PT-2025-31219 · Grandstream · Grandstream Ucm6510

Name of the Vulnerable Software and Affected Versions: Grandstream UCM6510 versions prior to 1.0.20.53 Description: An issue allows a remote attacker to obtain sensitive information via the Login function. The vulnerable endpoints are /cgi and /webrtccgi. Recommendations: Update to version...

6.5CVSS6.4AI score0.00299EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2025/07/29 12:0 a.m.3 views

CVE-2025-28170

Grandstream Networks GXP1628 =1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files...

7.6CVSS5.9AI score0.0029EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.391 views

Grandstream GSD3710 1.0.11.13 - Stack Overflow

!/usr/bin/env python3 Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Overflow Date: 2025-05-29 Exploit Author: Pepelux Vendor Homepage: https://www.grandstream.com/ Version: Grandstream GSD3710 - firmware:1.0.11.13 and lower Tested on: Linux and MacOS CVE: CVE-2022-2025 """ Author: Jose Lui...

9.8CVSS7.4AI score0.04122EPSS
Exploits1
Exploit DB
Exploit DB
added 2025/05/25 12:0 a.m.465 views

Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow

!/usr/bin/env python3 Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow Google Dork: if applicable Date: 2025-05-23 Exploit Author: Pepelux user in ExploitDB Vendor Homepage: https://www.grandstream.com/ Software Link: download link if available Version: Grandstream GSD3710 -...

9.8CVSS9.2AI score0.04418EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 p.m.12 views

CVE-2021-37748

Multiple buffer overflows in the limited configuration shell /sbin/gsconfig on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manageif setting, thus bypassing the intended restrictions of this shell and taking full control ...

9CVSS7.7AI score0.07294EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 p.m.7 views

CVE-2021-37915

An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdbdebugserver variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined...

9CVSS6.8AI score0.01964EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:42 p.m.7 views

CVE-2020-5756

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...

9CVSS7.8AI score0.02473EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:42 p.m.9 views

CVE-2020-5739

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defin...

9CVSS7.2AI score0.05339EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:42 p.m.6 views

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

10CVSS8.3AI score0.83926EPSS
Exploits8References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:41 p.m.16 views

CVE-2020-5762

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of t...

7.5CVSS7.2AI score0.03361EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:41 p.m.10 views

CVE-2020-5726

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords...

7.5CVSS8AI score0.04226EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.10 views

CVE-2020-5725

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords...

5.9CVSS8AI score0.01709EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.11 views

CVE-2020-5759

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command...

10CVSS7.9AI score0.03204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.8 views

CVE-2020-5758

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API...

9CVSS7.9AI score0.04375EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.7 views

CVE-2020-5738

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/uploadvpntar interface...

9CVSS7.1AI score0.05424EPSS
Exploits1References1
Rows per page
Query Builder