Vulnerabilities > Grandstream > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-28 | CVE-2021-37748 | Out-of-bounds Write vulnerability in Grandstream Ht801 Firmware 1.0.17.5 Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. | 8.8 |
| 2021-10-28 | CVE-2021-37915 | Unspecified vulnerability in Grandstream Ht801 Firmware 1.0.17.5/1.0.29 An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. | 8.8 |
| 2021-03-29 | CVE-2020-25217 | Command Injection vulnerability in Grandstream products Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface. | 7.2 |
| 2020-07-29 | CVE-2020-5763 | Inadequate Encryption Strength vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. | 8.8 |
| 2020-07-29 | CVE-2020-5762 | NULL Pointer Dereference vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. | 7.5 |
| 2020-07-29 | CVE-2020-5761 | Infinite Loop vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. | 7.5 |
| 2020-07-29 | CVE-2020-5760 | OS Command Injection vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. | 7.8 |
| 2020-07-17 | CVE-2020-5758 | OS Command Injection vulnerability in Grandstream products Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. | 8.8 |
| 2020-07-17 | CVE-2020-5756 | OS Command Injection vulnerability in Grandstream Gwn7000 Firmware 1.0.6.32 Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. | 8.8 |
| 2020-04-14 | CVE-2020-5739 | Code Injection vulnerability in Grandstream products Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. | 8.8 |