Vulnerabilities > Grandstream > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-10-28 CVE-2021-37748 Out-of-bounds Write vulnerability in Grandstream Ht801 Firmware 1.0.17.5
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device.
network | low complexity | grandstream CWE-787 | critical | 9.0
2021-10-28 CVE-2021-37915 Unspecified vulnerability in Grandstream Ht801 Firmware 1.0.17.5
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8.
network | low complexity | grandstream | critical | 9.0
2021-03-29 CVE-2020-25218 Missing Authentication for Critical Function vulnerability in Grandstream products
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Authentication Bypass in its administrative web interface.
network | low complexity | grandstream CWE-306 | critical | 9.8
2020-07-29 CVE-2020-5763 Inadequate Encryption Strength vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below contains a backdoor in the SSH service.
network | low complexity | grandstream CWE-326 | critical | 9.0
2020-07-29 CVE-2020-5760 OS Command Injection vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability.
network | grandstream CWE-78 | critical | 9.3
2020-07-17 CVE-2020-5759 OS Command Injection vulnerability in Grandstream products
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH.
network | low complexity | grandstream CWE-78 | critical | 10.0
2020-07-17 CVE-2020-5758 OS Command Injection vulnerability in Grandstream products
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP.
network | low complexity | grandstream CWE-78 | critical | 9.0
2020-07-17 CVE-2020-5757 OS Command Injection vulnerability in Grandstream products
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP.
network | low complexity | grandstream CWE-78 | critical | 10.0
2020-07-17 CVE-2020-5756 OS Command Injection vulnerability in Grandstream Gwn7000 Firmware 1.0.6.32
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via an undocumented API.
network | low complexity | grandstream CWE-78 | critical | 9.0
2020-04-14 CVE-2020-5739 Code Injection vulnerability in Grandstream products
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface.
network | low complexity | grandstream CWE-94 | critical | 9.0