Filtered by vendor Grandstream
Subscriptions
Total
50 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-3963 | 1 Grandstream | 11 Gxv3500, Gxv3501, Gxv3504 and 8 more | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users. | ||||
CVE-2013-3962 | 1 Grandstream | 11 Gxv3500, Gxv3501, Gxv3504 and 8 more | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
CVE-2013-3542 | 1 Grandstream | 26 Gxv3500, Gxv3500 Firmware, Gxv3501 and 23 more | 2024-11-21 | 10.0 Critical |
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. | ||||
CVE-2007-5789 | 1 Grandstream | 1 Ht488 | 2024-11-21 | N/A |
The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060. | ||||
CVE-2007-5788 | 1 Grandstream | 1 Ht488 | 2024-11-21 | N/A |
Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message. | ||||
CVE-2007-4498 | 1 Grandstream | 1 Sip Phone | 2024-11-21 | N/A |
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message. | ||||
CVE-2007-1590 | 1 Grandstream | 1 Budgetone 200 | 2024-11-21 | N/A |
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain. | ||||
CVE-2006-5231 | 1 Grandstream | 1 Gxp-2000 | 2024-11-21 | N/A |
Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP. | ||||
CVE-2005-2581 | 1 Grandstream | 2 Budgetone 101, Budgetone 102 | 2024-11-21 | N/A |
Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060. | ||||
CVE-2005-2182 | 1 Grandstream | 2 Bt-100, Bt-100 Firmware | 2024-11-21 | 7.5 High |
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. |