Vulnerabilities > Grandstream > High

DATE CVE VULNERABILITY TITLE RISK
2007-08-23 CVE-2007-4498 Remote Denial of Service vulnerability in Grandstream SIP Phone Gxv3000
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message.
network
grandstream
7.8
2007-03-21 CVE-2007-1590 Remote Denial of Service vulnerability in Grandstream Budgetone 200 1.1.1.14/1.1.1.5
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain.
network
low complexity
grandstream
7.8
2006-10-11 CVE-2006-5231 Denial Of Service vulnerability in Grandstream Gxp-2000 1.1.0.5
Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP.
network
low complexity
grandstream
7.8
2005-07-11 CVE-2005-2182 Improper Verification of Cryptographic Signature vulnerability in Grandstream Bt-100 Firmware
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.
network
low complexity
grandstream CWE-347
7.5