Vulnerabilities > Grandstream

DATE CVE VULNERABILITY TITLE RISK
2021-03-29 CVE-2020-25218 Improper Authentication vulnerability in Grandstream products
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.
network
low complexity
grandstream CWE-287
critical
10.0
2021-03-29 CVE-2020-25217 Command Injection vulnerability in Grandstream products
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
network
low complexity
grandstream CWE-77
critical
9.0
2020-07-29 CVE-2020-5763 Inadequate Encryption Strength vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service.
network
low complexity
grandstream CWE-326
critical
9.0
2020-07-29 CVE-2020-5762 Null Pointer Dereference vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service.
network
low complexity
grandstream CWE-476
5.0
2020-07-29 CVE-2020-5761 Infinite Loop vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service.
network
low complexity
grandstream CWE-835
7.8
2020-07-29 CVE-2020-5760 OS Command Injection vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability.
network
grandstream CWE-78
critical
9.3
2020-07-17 CVE-2020-5759 OS Command Injection vulnerability in Grandstream products
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH.
network
low complexity
grandstream CWE-78
critical
10.0
2020-07-17 CVE-2020-5758 OS Command Injection vulnerability in Grandstream products
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP.
network
low complexity
grandstream CWE-78
critical
9.0
2020-07-17 CVE-2020-5757 OS Command Injection vulnerability in Grandstream products
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP.
network
low complexity
grandstream CWE-78
critical
10.0
2020-07-17 CVE-2020-5756 OS Command Injection vulnerability in Grandstream Gwn7000 Firmware 1.0.6.32
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API.
network
low complexity
grandstream CWE-78
critical
9.0