Vulnerabilities > Grandstream > Grp2616 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-29 | CVE-2020-25218 | Missing Authentication for Critical Function vulnerability in Grandstream products Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface. | 9.8 |
| 2021-03-29 | CVE-2020-25217 | Command Injection vulnerability in Grandstream products Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface. | 7.2 |