Filtered by vendor Grandstream
Subscriptions
Total
50 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2070 | 1 Grandstream | 2 Gds3710, Gds3710 Firmware | 2024-11-21 | 9.8 Critical |
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default. | ||||
CVE-2022-2025 | 1 Grandstream | 2 Gds3710, Gds3710 Firmware | 2024-11-21 | 9.8 Critical |
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access. | ||||
CVE-2021-37915 | 1 Grandstream | 2 Ht801, Ht801 Firmware | 2024-11-21 | 8.8 High |
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host. | ||||
CVE-2021-37748 | 1 Grandstream | 2 Ht801, Ht801 Firmware | 2024-11-21 | 8.8 High |
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate. | ||||
CVE-2020-5763 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 8.8 High |
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt. | ||||
CVE-2020-5762 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 7.5 High |
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field. | ||||
CVE-2020-5761 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 7.5 High |
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service. | ||||
CVE-2020-5760 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 7.8 High |
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message. | ||||
CVE-2020-5759 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 9.8 Critical |
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command. | ||||
CVE-2020-5758 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 8.8 High |
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API. | ||||
CVE-2020-5757 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 9.8 Critical |
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API. | ||||
CVE-2020-5756 | 1 Grandstream | 2 Gwn7000, Gwn7000 Firmware | 2024-11-21 | 8.8 High |
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. | ||||
CVE-2020-5739 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2024-11-21 | 8.8 High |
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges. | ||||
CVE-2020-5738 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2024-11-21 | 8.8 High |
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface. | ||||
CVE-2020-5726 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 7.5 High |
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. | ||||
CVE-2020-5725 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 5.9 Medium |
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords. | ||||
CVE-2020-5724 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 7.5 High |
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. | ||||
CVE-2020-5723 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 9.8 Critical |
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. | ||||
CVE-2020-5722 | 1 Grandstream | 2 Ucm6200, Ucm6200 Firmware | 2024-11-21 | 9.8 Critical |
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. | ||||
CVE-2020-25218 | 1 Grandstream | 14 Grp2612, Grp2612 Firmware, Grp2612p and 11 more | 2024-11-21 | 9.8 Critical |
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface. |