Aggregates CVE and security vulnerability intelligence across all Grandstream-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve CSRF, memory corruption, cross-site scripting, path handling, and related problems; some flaws may lead to data exposure.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-2329 | An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630. | [email protected] | 9.3 | 24.82% | 2026-02-18 | 2026-02-20 |
| CVE-2025-28170 | Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files. | [email protected] | 7.6 | 0.40% | 2025-07-29 | 2025-08-06 |
| CVE-2025-28171 | An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi. | [email protected] | 6.5 | 0.25% | 2025-07-29 | 2025-08-06 |
| CVE-2025-28172 | Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack. | [email protected] | 6.5 | 0.18% | 2025-07-29 | 2025-08-06 |
| CVE-2024-32937 | An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. | [email protected] | 8.1 | 6.08% | 2024-07-03 | 2025-11-04 |
| CVE-2022-2070 | In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default. | [email protected] | 9.8 | 9.44% | 2022-09-23 | 2024-11-21 |
| CVE-2022-2025 | An attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version could overflow the stack since it doesn't check the param length before using the strcopy instruction. The exploitation of this vulnerability may lead an attacker to execute a shell with full access. | [email protected] | 9.8 | 11.32% | 2022-09-23 | 2024-11-21 |
| CVE-2021-37915 | An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host. | [email protected] | 8.8 | 0.79% | 2021-10-28 | 2024-11-21 |
| CVE-2021-37748 | Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate. | [email protected] | 8.8 | 11.92% | 2021-10-28 | 2024-11-21 |
| CVE-2020-25218 | Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Authentication Bypass in its administrative web interface. | [email protected] | 9.8 | 0.30% | 2021-03-29 | 2024-11-21 |
| CVE-2020-25217 | Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface. | [email protected] | 7.2 | 3.09% | 2021-03-29 | 2024-11-21 |
| CVE-2020-5763 | Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt. | [email protected] | 8.8 | 1.62% | 2020-07-29 | 2024-11-21 |
| CVE-2020-5762 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field. | [email protected] | 7.5 | 4.64% | 2020-07-29 | 2024-11-21 |
| CVE-2020-5761 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service. | [email protected] | 7.5 | 3.89% | 2020-07-29 | 2024-11-21 |
| CVE-2020-5760 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message. | [email protected] | 7.8 | 5.05% | 2020-07-29 | 2024-11-21 |
| CVE-2020-5759 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command. | [email protected] | 9.8 | 10.19% | 2020-07-17 | 2024-11-21 |
| CVE-2020-5758 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API. | [email protected] | 8.8 | 4.97% | 2020-07-17 | 2024-11-21 |
| CVE-2020-5757 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API. | [email protected] | 9.8 | 22.48% | 2020-07-17 | 2024-11-21 |
| CVE-2020-5756 | Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. | [email protected] | 8.8 | 1.30% | 2020-07-17 | 2024-11-21 |
| CVE-2020-5739 | Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges. | [email protected] | 8.8 | 2.46% | 2020-04-14 | 2024-11-21 |