Vulnerabilities > Grandstream > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-29 | CVE-2020-5762 | NULL Pointer Dereference vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. | 5.0 |
2020-03-30 | CVE-2020-5726 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. | 5.0 |
2020-03-30 | CVE-2020-5725 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. | 4.3 |
2020-03-30 | CVE-2020-5724 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. | 5.0 |
2020-03-30 | CVE-2020-5723 | Cleartext Storage of Sensitive Information vulnerability in Grandstream products The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. | 5.0 |
2019-04-01 | CVE-2018-17563 | Missing Encryption of Sensitive Data vulnerability in Grandstream products A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext. | 5.0 |
2019-03-30 | CVE-2019-10663 | SQL Injection vulnerability in Grandstream Ucm6204 Firmware Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | 6.5 |
2019-03-30 | CVE-2019-10657 | OS Command Injection vulnerability in Grandstream Gwn7000 Firmware and Gwn7610 Firmware Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. | 6.5 |
2017-11-06 | CVE-2017-16565 | Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. | 6.8 |
2017-11-06 | CVE-2017-16563 | Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | 6.0 |