Vulnerabilities > Grandstream

DATE CVE VULNERABILITY TITLE RISK
2022-09-23 CVE-2022-2025 Out-of-bounds Write vulnerability in Grandstream Gds3710 Firmware 1.0.11.13
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction.
network
low complexity
grandstream CWE-787
critical
9.8
2022-09-23 CVE-2022-2070 Out-of-bounds Write vulnerability in Grandstream Gds3710 Firmware 1.0.11.13
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction.
network
low complexity
grandstream CWE-787
critical
9.8
2021-10-28 CVE-2021-37748 Out-of-bounds Write vulnerability in Grandstream Ht801 Firmware 1.0.17.5
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device.
network
low complexity
grandstream CWE-787
8.8
2021-10-28 CVE-2021-37915 Unspecified vulnerability in Grandstream Ht801 Firmware 1.0.17.5/1.0.29
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8.
network
low complexity
grandstream
8.8
2021-03-29 CVE-2020-25218 Missing Authentication for Critical Function vulnerability in Grandstream products
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.
network
low complexity
grandstream CWE-306
critical
9.8
2021-03-29 CVE-2020-25217 Command Injection vulnerability in Grandstream products
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
network
low complexity
grandstream CWE-77
7.2
2020-07-29 CVE-2020-5763 Inadequate Encryption Strength vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service.
network
low complexity
grandstream CWE-326
8.8
2020-07-29 CVE-2020-5762 NULL Pointer Dereference vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service.
network
low complexity
grandstream CWE-476
7.5
2020-07-29 CVE-2020-5761 Infinite Loop vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service.
network
low complexity
grandstream CWE-835
7.5
2020-07-29 CVE-2020-5760 OS Command Injection vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability.
local
low complexity
grandstream CWE-78
7.8