Browse all 6 CVE security advisories affecting Grandstream. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Grandstream develops IP communication solutions including VoIP phones, video conferencing systems, and UCM platforms for business and residential use. Historically, their products have faced vulnerabilities like remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and authentication flaws. While no major public security incidents have been widely reported, the six CVEs on record highlight recurring issues in web interfaces and firmware. Security researchers have noted weak default configurations and insufficient encryption in some models, emphasizing the need for regular updates and hardening. The company's products remain popular in SMB deployments but require careful security implementation to mitigate identified risks.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-0840 | Grandstream UCM Series IP PBX HTTP Parameter Injection — UCM Series (CWE-141) | 8.8 | High | 2024-04-29 |

This page lists every published CVE security advisory associated with Grandstream. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.