Known Vulnerabilities for products from Grandstream
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Grandstream".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications by Grandstream can be found at device.report: Grandstream
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-2070 | In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length ... | 9.8 - CRITICAL | 2022-09-23 | 2022-09-26 |
| CVE-2022-2025 | an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it do... | 9.8 - CRITICAL | 2022-09-23 | 2022-09-26 |
| CVE-2021-37915 | An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration she... | 8.8 - HIGH | 2021-10-28 | 2021-11-02 |
| CVE-2021-37748 | Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 all... | 8.8 - HIGH | 2021-10-28 | 2021-11-03 |
| CVE-2020-25218 | Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web ... | 9.8 - CRITICAL | 2021-03-29 | 2022-10-05 |
| CVE-2020-25217 | Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative... | 7.2 - HIGH | 2021-03-29 | 2022-10-05 |
| CVE-2020-5763 | Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote a... | 8.8 - HIGH | 2020-07-29 | 2020-07-31 |
| CVE-2020-5762 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 s... | 7.5 - HIGH | 2020-07-29 | 2020-07-31 |
| CVE-2020-5761 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the T... | 7.5 - HIGH | 2020-07-29 | 2020-07-31 |
| CVE-2020-5760 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthen... | 7.8 - HIGH | 2020-07-29 | 2020-07-31 |
| CVE-2020-5759 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticat... | 9.8 - CRITICAL | 2020-07-17 | 2020-07-23 |
| CVE-2020-5758 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authentica... | 8.8 - HIGH | 2020-07-17 | 2020-07-23 |
| CVE-2020-5757 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authentica... | 9.8 - CRITICAL | 2020-07-17 | 2020-07-23 |
| CVE-2020-5756 | Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via u... | 8.8 - HIGH | 2020-07-17 | 2020-07-22 |
| CVE-2020-5739 | Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attac... | 8.8 - HIGH | 2020-04-14 | 2020-04-14 |
| CVE-2020-5738 | Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attac... | 8.8 - HIGH | 2020-04-14 | 2020-04-14 |
| CVE-2020-5726 | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote u... | 7.5 - HIGH | 2020-03-30 | 2020-03-31 |
| CVE-2020-5725 | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. ... | 5.9 - MEDIUM | 2020-03-30 | 2020-03-31 |
| CVE-2020-5724 | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. ... | 7.5 - HIGH | 2020-03-30 | 2020-03-30 |
| CVE-2020-5723 | The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker ... | 9.8 - CRITICAL | 2020-03-30 | 2020-04-01 |
Known software with vulnerabilities from Grandstream
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Grandstream | Gac2500 | - |
| Operating System | Grandstream | Gac2500 Firmware | 1.0.1.18 |
| Hardware | Grandstream | Gvc3202 | - |
| Operating System | Grandstream | Gvc3202 Firmware | 1.0.1.48 |
| Hardware | Grandstream | Gwn7000 | - |
| Operating System | Grandstream | Gwn7000 Firmware | - |
| Hardware | Grandstream | Gwn7610 | - |
| Operating System | Grandstream | Gwn7610 Firmware | - |
| Hardware | Grandstream | Gxp1610 | - |
| Operating System | Grandstream | Gxp1610 Firmware | 1.0.4.100 |
| Hardware | Grandstream | Gxp1615 | - |
| Operating System | Grandstream | Gxp1615 Firmware | 1.0.4.100 |
| Hardware | Grandstream | Gxp1620 | - |
| Operating System | Grandstream | Gxp1620 Firmware | 1.0.4.100 |
| Hardware | Grandstream | Gxp1625 | - |
| Operating System | Grandstream | Gxp1625 Firmware | 1.0.4.100 |
| Hardware | Grandstream | Gxp1628 | - |
| Operating System | Grandstream | Gxp1628 Firmware | 1.0.4.100 |
| Hardware | Grandstream | Gxp1630 | - |
| Operating System | Grandstream | Gxp1630 Firmware | 1.0.4.100 |