Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.
Max CVSS
7.5
EPSS Score
0.47%
Published
2005-07-11
Updated
2024-02-08
Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060.
Max CVSS
5.0
EPSS Score
7.74%
Published
2005-08-16
Updated
2016-10-18
Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP.
Max CVSS
7.8
EPSS Score
4.69%
Published
2006-10-11
Updated
2017-07-20
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain.
Max CVSS
7.8
EPSS Score
24.39%
Published
2007-03-21
Updated
2017-07-29
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message.
Max CVSS
7.8
EPSS Score
79.78%
Published
2007-08-23
Updated
2017-07-29
Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message.
Max CVSS
7.1
EPSS Score
0.81%
Published
2007-11-01
Updated
2017-07-29
The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.
Max CVSS
7.8
EPSS Score
1.39%
Published
2007-11-01
Updated
2017-07-29
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.
Max CVSS
10.0
EPSS Score
0.62%
Published
2019-12-11
Updated
2019-12-19
Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Max CVSS
4.3
EPSS Score
0.11%
Published
2013-10-01
Updated
2013-10-02
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
Max CVSS
6.8
EPSS Score
0.10%
Published
2013-10-01
Updated
2013-10-02
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.
Max CVSS
7.5
EPSS Score
0.15%
Published
2015-07-08
Updated
2017-09-03
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/.
Max CVSS
8.1
EPSS Score
0.18%
Published
2017-04-21
Updated
2018-10-09
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.
Max CVSS
5.9
EPSS Score
0.11%
Published
2017-04-21
Updated
2018-10-09
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.
Max CVSS
7.8
EPSS Score
0.13%
Published
2017-04-21
Updated
2018-10-09
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.
Max CVSS
8.0
EPSS Score
0.08%
Published
2017-11-06
Updated
2017-11-27
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).
Max CVSS
5.4
EPSS Score
0.07%
Published
2017-11-06
Updated
2017-11-27
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
Max CVSS
8.8
EPSS Score
0.11%
Published
2017-11-06
Updated
2017-11-27
A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext.
Max CVSS
5.3
EPSS Score
0.09%
Published
2019-04-01
Updated
2019-10-03
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.
Max CVSS
9.8
EPSS Score
0.24%
Published
2019-04-01
Updated
2020-08-24
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.
Max CVSS
10.0
EPSS Score
0.27%
Published
2019-04-01
Updated
2019-10-03

CVE-2019-10655

Public exploit
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.
Max CVSS
9.8
EPSS Score
92.78%
Published
2019-03-30
Updated
2022-04-18
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.
Max CVSS
9.0
EPSS Score
0.21%
Published
2019-03-30
Updated
2023-03-01
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.
Max CVSS
6.5
EPSS Score
0.17%
Published
2019-03-30
Updated
2023-03-01
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
Max CVSS
8.8
EPSS Score
0.21%
Published
2019-03-30
Updated
2023-03-01
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
Max CVSS
8.8
EPSS Score
0.20%
Published
2019-03-30
Updated
2023-03-01
51 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!