Grandstream: Security Vulnerabilities
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.
CVSS Score
9.3
EPSS Score
0.326
Published
2026-02-18
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-07-29
An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-07-29
Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-07-29
An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
CVSS Score
8.1
EPSS Score
0.061
Published
2024-07-03
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.
CVSS Score
9.8
EPSS Score
0.113
Published
2022-09-23
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.
CVSS Score
9.8
EPSS Score
0.094
Published
2022-09-23
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
CVSS Score
8.8
EPSS Score
0.119
Published
2021-10-28
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host.
CVSS Score
8.8
EPSS Score
0.008
Published
2021-10-28
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
CVSS Score
7.2
EPSS Score
0.031
Published
2021-03-29
Page 1