Vulnerabilities > Grandstream > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-28 CVE-2021-37748 Out-of-bounds Write vulnerability in Grandstream Ht801 Firmware 1.0.17.5
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device.
network
low complexity
grandstream CWE-787
8.8
2021-10-28 CVE-2021-37915 Unspecified vulnerability in Grandstream Ht801 Firmware 1.0.17.5/1.0.29
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8.
network
low complexity
grandstream
8.8
2021-03-29 CVE-2020-25217 Command Injection vulnerability in Grandstream products
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
network
low complexity
grandstream CWE-77
7.2
2020-07-29 CVE-2020-5763 Inadequate Encryption Strength vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service.
network
low complexity
grandstream CWE-326
8.8
2020-07-29 CVE-2020-5762 NULL Pointer Dereference vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service.
network
low complexity
grandstream CWE-476
7.5
2020-07-29 CVE-2020-5761 Infinite Loop vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service.
network
low complexity
grandstream CWE-835
7.5
2020-07-29 CVE-2020-5760 OS Command Injection vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability.
local
low complexity
grandstream CWE-78
7.8
2020-07-17 CVE-2020-5758 OS Command Injection vulnerability in Grandstream products
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP.
network
low complexity
grandstream CWE-78
8.8
2020-07-17 CVE-2020-5756 OS Command Injection vulnerability in Grandstream Gwn7000 Firmware 1.0.6.32
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API.
network
low complexity
grandstream CWE-78
8.8
2020-04-14 CVE-2020-5739 Code Injection vulnerability in Grandstream products
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface.
network
low complexity
grandstream CWE-94
8.8