
CVE-2024-32937
https://notcve.org/view.php?id=CVE-2024-32937
03 Jul 2024 — An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1978 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-0840 – Grandstream UCM Series IP PBX HTTP Parameter Injection
https://notcve.org/view.php?id=CVE-2024-0840
29 Apr 2024 — The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote, authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510. • https://vulncheck.com/advisories/grand-stream-param-injection • CWE-141: Improper Neutralization of Parameter/Argument Delimiters

CVE-2023-50015
https://notcve.org/view.php?id=CVE-2023-50015
09 Mar 2024 — An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13 that allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token. • https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-50015 • CWE-250: Execution with Unnecessary Privileges

CVE-2022-2070 – Grandstream GSD3710 Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-2070
23 Sep 2022 — In Grandstream GSD3710 version 1.0.11.13, it is possible to overflow the stack because the parameter length is not checked before it is passed to sscanf. Because of that, an attacker could create a socket and connect to a remote IP:port, opening a shell and getting full access to the system. The vulnerability affects the dbmng and logsrv daemons, which listen on ports 8000 and 8001 by default. • https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVE-2022-2025 – Grandstream GSD3710 Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-2025
23 Sep 2022 — An attacker with knowledge of a valid username/password for Grandstream GSD3710 version 1.0.11.13 could overflow the stack because the parameter length is not checked before it is passed to strcpy. Exploitation of this vulnerability may allow an attacker to execute a shell with full access. • https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVE-2021-37915
https://notcve.org/view.php?id=CVE-2021-37915
28 Oct 2021 — An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host. • http://firmware.grandstream.com/BETA/Release_Note_HT80x_1.0.29.8.pdf

CVE-2021-37748
https://notcve.org/view.php?id=CVE-2021-37748
28 Oct 2021 — Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate. • https://github.com/SECFORCE/CVE-2021-37748 • CWE-787: Out-of-bounds Write

CVE-2020-25217
https://notcve.org/view.php?id=CVE-2020-25217
29 Mar 2021 — Grandstream GRP261x VoIP phones running firmware version 1.0.3.6 (Base) allow command injection as root in the administrative web interface. • https://cwe.mitre.org/data/definitions/77.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2020-25218
https://notcve.org/view.php?id=CVE-2020-25218
29 Mar 2021 — Grandstream GRP261x VoIP phones running firmware version 1.0.3.6 (Base) allow an authentication bypass in the administrative web interface. • https://cwe.mitre.org/data/definitions/306.html • CWE-306: Missing Authentication for Critical Function

CVE-2020-5763
https://notcve.org/view.php?id=CVE-2020-5763
29 Jul 2020 — Grandstream HT800 series firmware version 1.0.17.5 and below contains a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt. • https://www.tenable.com/security/research/tra-2020-43 • CWE-326: Inadequate Encryption Strength • CWE-489: Active Debug Code