Known Vulnerabilities for products from Grandstream
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Grandstream".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data), as well as a keyword search to ensure that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications for Grandstream products can be found at device.report: Grandstream
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-2070 | In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length ... | 9.8 - CRITICAL | 2022-09-23 | 2022-09-26 |
| CVE-2022-2025 | an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it do... | 9.8 - CRITICAL | 2022-09-23 | 2022-09-26 |
| CVE-2021-37915 | An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration she... | 8.8 - HIGH | 2021-10-28 | 2021-11-02 |
| CVE-2021-37748 | Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 all... | 8.8 - HIGH | 2021-10-28 | 2021-11-03 |
| CVE-2020-25218 | Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web ... | 9.8 - CRITICAL | 2021-03-29 | 2022-10-05 |
| CVE-2020-25217 | Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative... | 7.2 - HIGH | 2021-03-29 | 2022-10-05 |
| CVE-2020-5763 | Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote a... | 8.8 - HIGH | 2020-07-29 | 2020-07-31 |
| CVE-2020-5762 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 s... | 7.5 - HIGH | 2020-07-29 | 2020-07-31 |
| CVE-2020-5761 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the T... | 7.5 - HIGH | 2020-07-29 | 2020-07-31 |
| CVE-2020-5760 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthen... | 7.8 - HIGH | 2020-07-29 | 2020-07-31 |
| CVE-2020-5759 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticat... | 9.8 - CRITICAL | 2020-07-17 | 2020-07-23 |
| CVE-2020-5758 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authentica... | 8.8 - HIGH | 2020-07-17 | 2020-07-23 |
| CVE-2020-5757 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authentica... | 9.8 - CRITICAL | 2020-07-17 | 2020-07-23 |
| CVE-2020-5756 | Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via u... | 8.8 - HIGH | 2020-07-17 | 2020-07-22 |
| CVE-2020-5739 | Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attac... | 8.8 - HIGH | 2020-04-14 | 2020-04-14 |
| CVE-2020-5738 | Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attac... | 8.8 - HIGH | 2020-04-14 | 2020-04-14 |
| CVE-2020-5726 | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote u... | 7.5 - HIGH | 2020-03-30 | 2020-03-31 |
| CVE-2020-5725 | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. ... | 5.9 - MEDIUM | 2020-03-30 | 2020-03-31 |
| CVE-2020-5724 | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. ... | 7.5 - HIGH | 2020-03-30 | 2020-03-30 |
| CVE-2020-5723 | The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker ... | 9.8 - CRITICAL | 2020-03-30 | 2020-04-01 |
Known software with vulnerabilities from Grandstream
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Grandstream | Gac2500 | - |
| Operating System | Grandstream | Gac2500 Firmware | 1.0.1.18 |
| Hardware | Grandstream | Gvc3202 | - |
| Operating System | Grandstream | Gvc3202 Firmware | 1.0.1.48 |
| Hardware | Grandstream | Gwn7000 | - |
| Operating System | Grandstream | Gwn7000 Firmware | - |
| Hardware | Grandstream | Gwn7610 | - |
| Operating System | Grandstream | Gwn7610 Firmware | - |
| Hardware | Grandstream | Gxp1610 | - |
| Operating System | Grandstream | Gxp1610 Firmware | 1.0.4.100 |
| Hardware | Grandstream | Gxp1615 | - |
| Operating System | Grandstream | Gxp1615 Firmware | 1.0.4.100 |
| Hardware | Grandstream | Gxp1620 | - |
| Operating System | Grandstream | Gxp1620 Firmware | 1.0.4.100 |
| Hardware | Grandstream | Gxp1625 | - |
| Operating System | Grandstream | Gxp1625 Firmware | 1.0.4.100 |
| Hardware | Grandstream | Gxp1628 | - |
| Operating System | Grandstream | Gxp1628 Firmware | 1.0.4.100 |
| Hardware | Grandstream | Gxp1630 | - |
| Operating System | Grandstream | Gxp1630 Firmware | 1.0.4.100 |