CVE-2020-25217

Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:grandstream:grp2612_firmware:1.0.3.6:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:grp2612:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:grandstream:grp2612p_firmware:1.0.3.6:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:grp2612p:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:grandstream:grp2612w_firmware:1.0.3.6:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:grp2612w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:grandstream:grp2613_firmware:1.0.3.6:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:grp2613:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:grandstream:grp2614_firmware:1.0.3.6:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:grp2614:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:grandstream:grp2615_firmware:1.0.3.6:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:grp2615:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:grandstream:grp2616_firmware:1.0.3.6:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:grp2616:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:17

Type Values Removed Values Added
References () https://cwe.mitre.org/data/definitions/77.html - Third Party Advisory () https://cwe.mitre.org/data/definitions/77.html - Third Party Advisory
References () https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0001/FEYE-2021-0001.md - Third Party Advisory () https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0001/FEYE-2021-0001.md - Third Party Advisory

Information

Published : 2021-03-29 17:15

Updated : 2024-11-21 05:17


NVD link : CVE-2020-25217

Mitre link : CVE-2020-25217

CVE.ORG link : CVE-2020-25217


JSON object : View

Products Affected

grandstream

  • grp2613
  • grp2616_firmware
  • grp2612
  • grp2616
  • grp2612_firmware
  • grp2612p
  • grp2614_firmware
  • grp2612p_firmware
  • grp2615
  • grp2612w_firmware
  • grp2615_firmware
  • grp2614
  • grp2612w
  • grp2613_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')