Skip to content

jcrashkit/grandstream_exploits

BranchesTags
 
 

Repository files navigation

Grandstream Exploits

Below are working PoCs for a bunch of remote code execution vulnerabilties that I found in a range of Grandstream devices.

CVE Model Device Type Vulnerability Affected Versions
CVE-2019-10655 GAC2500 Audio Conferencing Unit Unauthenticated RCE <= 1.0.3.35
CVE-2019-10655 GVC3202 Video Conferencing Unit Unauthenticated RCE < 1.0.3.51
CVE-2019-10655 GXV3275 IP Video Phone Unauthenticated RCE < 1.0.3.219
CVE-2019-10655 GXV3240 IP Video Phone Unauthenticated RCE < 1.0.3.219
CVE-2019-10655 GXP2200* IP Video Phone Unauthenticated RCE <= 1.0.3.27
CVE-2019-10659 GXV3370 IP Video Phone Authenticated RCE < 1.0.1.41
CVE-2019-10656 GWN7000 Enterprise Router Authenticated RCE < 1.0.6.32
CVE-2019-10658 GWN7610 WiFi Access Point Authenticated RCE < 1.0.8.18
CVE-2019-10660 GXV3611IR_HD IP Camera Authenticated RCE < 1.0.3.23
CVE-2019-10662 UCM62xx IP PBX Authenticated RCE < 1.0.19.20
CVE-2019-10659 WP820 Enterprise WiFi IP Phone Authenticated RCE < 1.0.3.6

* Unpatched due to end of life product.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 94.4%
  • HTML 5.6%