Vulnerabilities > Grandstream > Grp2615 Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-03-29 CVE-2020-25218 Missing Authentication for Critical Function vulnerability in Grandstream products
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.
network
low complexity
grandstream CWE-306
critical
9.8
2021-03-29 CVE-2020-25217 Command Injection vulnerability in Grandstream products
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
network
low complexity
grandstream CWE-77
7.2