Vulnerabilities > Grandstream
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-23 | CVE-2022-2025 | Out-of-bounds Write vulnerability in Grandstream Gds3710 Firmware 1.0.11.13 an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. | 9.8 |
| 2022-09-23 | CVE-2022-2070 | Out-of-bounds Write vulnerability in Grandstream Gds3710 Firmware 1.0.11.13 In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. | 9.8 |
| 2021-10-28 | CVE-2021-37748 | Out-of-bounds Write vulnerability in Grandstream Ht801 Firmware 1.0.17.5 Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. | 8.8 |
| 2021-10-28 | CVE-2021-37915 | Unspecified vulnerability in Grandstream Ht801 Firmware 1.0.17.5/1.0.29 An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. | 8.8 |
| 2021-03-29 | CVE-2020-25218 | Missing Authentication for Critical Function vulnerability in Grandstream products Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface. | 9.8 |
| 2021-03-29 | CVE-2020-25217 | Command Injection vulnerability in Grandstream products Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface. | 7.2 |
| 2020-07-29 | CVE-2020-5763 | Inadequate Encryption Strength vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. | 8.8 |
| 2020-07-29 | CVE-2020-5762 | NULL Pointer Dereference vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. | 7.5 |
| 2020-07-29 | CVE-2020-5761 | Infinite Loop vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. | 7.5 |
| 2020-07-29 | CVE-2020-5760 | OS Command Injection vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. | 7.8 |