CVE Tools

grandstream

CommunicationsUScommercial

14

Cumulative CVEs

8

Monthly snapshots

#52

Peak rank

Top products

ucm6208 firmware4 ucm6202 firmware4 ucm6204 firmware4

Latest CVEs

The 15 most recently published vulnerabilities affecting grandstream.

CVE-2026-2329Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow9.8Feb 18, 2026
CVE-2025-14186Grandstream GXP1625 Network Status api.values.post cross site scripting3.5Dec 7, 2025
CVE-2025-28172Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts...6.5Jul 29, 2025
CVE-2025-28171An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.6.5Jul 29, 2025
CVE-2025-28170Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories an...7.6Jul 29, 2025
CVE-2024-32937An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to ...8.1Jul 3, 2024
CVE-2024-0840Grandstream UCM Series IP PBX HTTP Parameter Injection8.8Apr 29, 2024
CVE-2022-2070Grandstream GSD3710 Stack-based Buffer Overflow9.8Sep 23, 2022
CVE-2022-2025Grandstream GSD3710 Stack-based Buffer Overflow9.8Sep 23, 2022
CVE-2021-37915An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a ...8.8Oct 28, 2021
CVE-2021-37748Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a cr...8.8Oct 28, 2021
CVE-2020-25217Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.7.2Mar 29, 2021
CVE-2020-25218Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.9.8Mar 29, 2021
CVE-2020-5763Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.8.8Jul 29, 2020
CVE-2020-5762Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a...7.5Jul 29, 2020