Byte Open Security

(ByteOS Network)

ucm6510_firmware

Source - NVD, ADP
CNA CVEs - 0
ADP CVEs - 1
CISA CVEs - 0
NVD CVEs - 2
3 vulnerabilities found

CVE-2025-28171
Assigner-MITRE Corporation
CVSS Score-6.5 | MEDIUM
EPSS-0.05% / 14.00%
7 Day CHG~0.00%
Published-29 Jul, 2025 | 00:00
Updated-06 Aug, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.

Action-Not Available
Vendor-grandstream, n/a
Product-ucm6510, ucm6510_firmware, n/a
CWE ID-CWE-922: Insecure Storage of Sensitive Information

CVE-2025-28172
Assigner-MITRE Corporation
CVSS Score-6.5 | MEDIUM
EPSS-0.07% / 21.62%
7 Day CHG+0.02%
Published-29 Jul, 2025 | 00:00
Updated-06 Aug, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack.

Action-Not Available
Vendor-grandstream, n/a
Product-ucm6510, ucm6510_firmware, n/a
CWE ID-CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2024-0840
Assigner-VulnCheck
CVSS Score-8.8 | HIGH
EPSS-0.27% / 50.59%
7 Day CHG~0.00%
Published-29 Apr, 2024 | 18:42
Updated-01 Aug, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grandstream UCM Series IP PBX HTTP Parameter Injection

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.

Action-Not Available
Vendor-Grandstream, grandstream
Product-UCM Series, ucm6204_firmware, ucm6202_firmware, ucm6510_firmware, ucm6208_firmware
CWE ID-CWE-141: Improper Neutralization of Parameter/Argument Delimiters