CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1520 – Grandstream Wave 1.0.1.26 Update Redirection
https://notcve.org/view.php?id=CVE-2016-1520
18 Mar 2016 — The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application. La Grandstream Wave app 1.0.1.26 y versiones anteriores para Android no utiliza HTTPS cuando recupera la información de actualización, lo que podría permitir que los atacantes man-in-the-middle ejecutar código arbitrario a través de una aplicación manipulada. The Grandstream Wave application version... • https://packetstorm.news/files/id/136291 • CWE-254: 7PK - Security Features •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1518 – Grandstream Wave 1.0.1.26 Man-In-The-Middle
https://notcve.org/view.php?id=CVE-2016-1518
17 Mar 2016 — The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/. El mecanismo de aprovisionamiento automático en la Grandstream Wave app 1.0.1.26... • http://packetstormsecurity.com/files/136280/Grandstream-Wave-1.0.1.26-Man-In-The-Middle.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2015-2866 – Grandsteam GXV3611_HD - SQL Injection
https://notcve.org/view.php?id=CVE-2015-2866
08 Jul 2015 — SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. Vulnerabilidad de inyección SQL en la camera Grandstream GXV3611_HD con firmware anterior a 1.0.3.9 beta permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante el intento de establecer una sesión TELNET con un nombre de usuario manipulado. • https://www.exploit-db.com/exploits/40441 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 2CVE-2013-3542 – Gentoo Linux Security Advisory 201308-05
https://notcve.org/view.php?id=CVE-2013-3542
13 Jun 2013 — Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, y posiblemente otros modelos de cámara con versión de firmware 1.0.4... • https://packetstorm.news/files/id/122004 • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.1EPSS: 0%CPEs: 23EXPL: 1CVE-2013-3962 – Grandstream Backdoor / Cross Site Request Forgery / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-3962
13 Jun 2013 — Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Vulnerabilidad de XSS en Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, y posiblemente otros modelos de cámara anteriores al... • https://packetstorm.news/files/id/122004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 2CVE-2013-3963 – Grandstream Multiple IP Cameras - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-3963
13 Jun 2013 — Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users. Vulnerabilidad de CSRF en goform/usermanage en Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, y pos... • https://packetstorm.news/files/id/122004 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-5789
https://notcve.org/view.php?id=CVE-2007-5789
01 Nov 2007 — The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060. The Grandstream HT-488 0.1 permite a atacantes remotos provocar una denegación de servicio (caída del dispositivo) mediante inundación de paquetes fragmentados al puerto 5060. • http://osvdb.org/40186 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-5788
https://notcve.org/view.php?id=CVE-2007-5788
01 Nov 2007 — Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message. Desbordamiento de búfer en el analizador SIP del Grandstream HT-488 0.1 permite a atacantes remotos provocar una denegación de servicio (caída del dispositivo) mediante un mensaje SIP INVITE manipulado. • http://osvdb.org/40187 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 71%CPEs: 3EXPL: 2CVE-2007-4498 – Grandstream GXV-3000 Phone - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4498
23 Aug 2007 — The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message. El Grandstream SIP Phone GXV-3000 con firmware 1.0.1.7, Loader 1.0.0.6, y Boot 1.0.0.18 permite a atacantes remotos forzar la terminación silenciosa de la llamada, espia... • https://www.exploit-db.com/exploits/30517 •
CVSS: 7.8EPSS: 22%CPEs: 2EXPL: 1CVE-2007-1590 – Grandstream Budge Tone-200 IP Phone - Digest domain Denial of Service
https://notcve.org/view.php?id=CVE-2007-1590
21 Mar 2007 — The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain. El teléfono IP Grandstream BudgeTone 200, con el programa 1.1.1.14 y el cargador de arranque 1.1.1.5, permite a atacantes remotos provocar una denegación de servicio (caída del dispositivo) mediante mensajes SIP (1) INVITE, (2) C... • https://www.exploit-db.com/exploits/3535 •