Grandstream: Security Vulnerabilities
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/.
CVSS Score
8.1
EPSS Score
0.008
Published
2017-04-21
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.
CVSS Score
5.9
EPSS Score
0.002
Published
2017-04-21
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-04-21
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.
CVSS Score
7.5
EPSS Score
0.016
Published
2015-07-08
Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVSS Score
4.3
EPSS Score
0.002
Published
2013-10-01
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
CVSS Score
6.8
EPSS Score
0.002
Published
2013-10-01
Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message.
CVSS Score
7.1
EPSS Score
0.007
Published
2007-11-01
The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.
CVSS Score
7.8
EPSS Score
0.007
Published
2007-11-01
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message.
CVSS Score
7.8
EPSS Score
0.129
Published
2007-08-23
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain.
CVSS Score
7.8
EPSS Score
0.074
Published
2007-03-21