Vulnerabilities > Grandstream > Gxv3611Ir HD Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-03-30 CVE-2019-10661 Improper Authentication vulnerability in Grandstream Gxv3611Ir HD Firmware
On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password.
network
low complexity
grandstream CWE-287
critical
9.8
2019-03-30 CVE-2019-10660 OS Command Injection vulnerability in Grandstream Gxv3611Ir HD Firmware
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
network
low complexity
grandstream CWE-78
8.8