CVE-2020-5724

Public exploit
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
Max CVSS
7.5
EPSS Score
0.32%
Published
2020-03-30
Updated
2020-03-30

CVE-2020-5723

Public exploit
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.
Max CVSS
9.8
EPSS Score
0.66%
Published
2020-03-30
Updated
2020-04-01

CVE-2020-5722

Known exploited
Public exploit
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.
Max CVSS
10.0
EPSS Score
97.50%
Published
2020-03-23
Updated
2022-02-10
CISA KEV Added
2022-01-28

CVE-2019-10655

Public exploit
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.
Max CVSS
9.8
EPSS Score
92.78%
Published
2019-03-30
Updated
2022-04-18

An issue discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13 allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-09
Updated
2024-03-11

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.
Max CVSS
9.8
EPSS Score
0.18%
Published
2022-09-23
Updated
2022-09-26

An attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version could overflow the stack since it doesn't check the param length before using the strcopy instruction. The exploitation of this vulnerability may lead an attacker to execute a shell with full access.
Max CVSS
9.8
EPSS Score
0.20%
Published
2022-09-23
Updated
2022-09-26

An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host.
Max CVSS
9.0
EPSS Score
0.27%
Published
2021-10-28
Updated
2021-11-02

Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
Max CVSS
9.0
EPSS Score
1.23%
Published
2021-10-28
Updated
2021-11-03

Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Authentication Bypass in its administrative web interface.
Max CVSS
10.0
EPSS Score
0.24%
Published
2021-03-29
Updated
2022-10-05

Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
Max CVSS
9.0
EPSS Score
0.14%
Published
2021-03-29
Updated
2022-10-05

Grandstream HT800 series firmware version 1.0.17.5 and below contains a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
Max CVSS
9.0
EPSS Score
0.52%
Published
2020-07-29
Updated
2020-07-31

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.
Max CVSS
7.5
EPSS Score
0.58%
Published
2020-07-29
Updated
2020-07-31

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.
Max CVSS
7.8
EPSS Score
0.73%
Published
2020-07-29
Updated
2020-07-31

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.
Max CVSS
9.3
EPSS Score
0.11%
Published
2020-07-29
Updated
2020-07-31

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.
Max CVSS
10.0
EPSS Score
0.26%
Published
2020-07-17
Updated
2020-07-23

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
Max CVSS
9.0
EPSS Score
0.10%
Published
2020-07-17
Updated
2020-07-23

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API.
Max CVSS
10.0
EPSS Score
0.15%
Published
2020-07-17
Updated
2020-07-23

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
Max CVSS
9.0
EPSS Score
1.04%
Published
2020-07-17
Updated
2020-07-22

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges.
Max CVSS
9.0
EPSS Score
0.19%
Published
2020-04-14
Updated
2020-04-14

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.
Max CVSS
9.0
EPSS Score
0.24%
Published
2020-04-14
Updated
2020-04-14

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
Max CVSS
7.5
EPSS Score
0.30%
Published
2020-03-30
Updated
2020-03-31

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords.
Max CVSS
5.9
EPSS Score
0.26%
Published
2020-03-30
Updated
2020-03-31

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-03-30
Updated
2019-04-01

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.
Max CVSS
9.0
EPSS Score
0.20%
Published
2019-03-30
Updated
2023-03-01
51 vulnerabilities found