Vulnerabilities > Grandstream
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-23 | CVE-2020-5722 | SQL Injection vulnerability in Grandstream Ucm6200 Firmware The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. | 9.8 |
| 2019-12-11 | CVE-2013-3542 | Use of Hard-coded Credentials vulnerability in Grandstream products Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. | 10.0 |
| 2019-04-01 | CVE-2018-17565 | OS Command Injection vulnerability in Grandstream products Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. | 9.8 |
| 2019-04-01 | CVE-2018-17564 | Unspecified vulnerability in Grandstream products A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. | 9.8 |
| 2019-04-01 | CVE-2018-17563 | Missing Encryption of Sensitive Data vulnerability in Grandstream products A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext. | 5.3 |
| 2019-03-30 | CVE-2019-10663 | SQL Injection vulnerability in Grandstream Ucm6204 Firmware Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | 8.8 |
| 2019-03-30 | CVE-2019-10662 | OS Command Injection vulnerability in Grandstream Ucm6204 Firmware Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. | 8.8 |
| 2019-03-30 | CVE-2019-10661 | Improper Authentication vulnerability in Grandstream Gxv3611Ir HD Firmware On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | 9.8 |
| 2019-03-30 | CVE-2019-10660 | OS Command Injection vulnerability in Grandstream Gxv3611Ir HD Firmware Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. | 8.8 |
| 2019-03-30 | CVE-2019-10659 | OS Command Injection vulnerability in Grandstream Gxv3370 Firmware and Wp820 Firmware Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. | 8.8 |