scarvell/grandstream_exploits

Grandstream Exploits

Below are working PoCs for a bunch of remote code execution vulnerabilities that I found in a range of Grandstream devices.

| CVE | Model | Device Type | Vulnerability | Affected Versions |
| --- | --- | --- | --- | --- |
| CVE-2019-10655 | GAC2500 | Audio Conferencing Unit | Unauthenticated RCE | <= 1.0.3.35 |
| CVE-2019-10655 | GVC3202 | Video Conferencing Unit | Unauthenticated RCE | < 1.0.3.51 |
| CVE-2019-10655 | GXV3275 | IP Video Phone | Unauthenticated RCE | < 1.0.3.219 |
| CVE-2019-10655 | GXV3240 | IP Video Phone | Unauthenticated RCE | < 1.0.3.219 |
| CVE-2019-10655 | GXP2200* | IP Video Phone | Unauthenticated RCE | <= 1.0.3.27 |
| CVE-2019-10659 | GXV3370 | IP Video Phone | Authenticated RCE | < 1.0.1.41 |
| CVE-2019-10656 | GWN7000 | Enterprise Router | Authenticated RCE | < 1.0.6.32 |
| CVE-2019-10658 | GWN7610 | WiFi Access Point | Authenticated RCE | < 1.0.8.18 |
| CVE-2019-10660 | GXV3611IR_HD | IP Camera | Authenticated RCE | < 1.0.3.23 |
| CVE-2019-10662 | UCM62xx | IP PBX | Authenticated RCE | < 1.0.19.20 |
| CVE-2019-10659 | WP820 | Enterprise WiFi IP Phone | Authenticated RCE | < 1.0.3.6 |

* Unpatched due to end of life product.
