CVE-2020-25217: Command Injection
First published: Mon Mar 29 2021(Updated: )
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Grandstream GRP2612 Firmware | =1.0.3.6 | |
| Grandstream GRP2612 | ||
| Grandstream GRP2612P Firmware | =1.0.3.6 | |
| Grandstream GRP2612P | ||
| Grandstream GRP2612W Firmware | =1.0.3.6 | |
| Grandstream GRP2612W | ||
| Grandstream GRP2613 | =1.0.3.6 | |
| Grandstream GRP2613 | ||
| Grandstream GRP2614 Firmware | =1.0.3.6 | |
| Grandstream GRP2614 | ||
| Grandstream GRP2615 | =1.0.3.6 | |
| Grandstream GRP2615 | ||
| Grandstream GRP2616 Firmware | =1.0.3.6 | |
| Grandstream GRP2616 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-25217?
CVE-2020-25217 is a vulnerability found in the Grandstream GRP261x VoIP phone's administrative web interface.
What is the severity of CVE-2020-25217?
CVE-2020-25217 has a severity level of 7.2 (critical).
How can I exploit CVE-2020-25217?
CVE-2020-25217 allows command injection as root in the administrative web interface of the Grandstream GRP261x VoIP phone.
Is Grandstream GRP261x vulnerable to CVE-2020-25217?
Yes, Grandstream GRP261x with firmware version 1.0.3.6 is vulnerable to CVE-2020-25217.
How can I fix CVE-2020-25217?
To fix CVE-2020-25217, update the firmware of the Grandstream GRP261x VoIP phone to a version that is not affected.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/grandstream
- canonical/grandstream grp2612 firmware
- version/grandstream grp2612 firmware/1.0.3.6
- canonical/grandstream grp2612
- canonical/grandstream grp2612p firmware
- version/grandstream grp2612p firmware/1.0.3.6
- canonical/grandstream grp2612p
- canonical/grandstream grp2612w firmware
- version/grandstream grp2612w firmware/1.0.3.6
- canonical/grandstream grp2612w
- canonical/grandstream grp2613
- version/grandstream grp2613/1.0.3.6
- canonical/grandstream grp2614 firmware
- version/grandstream grp2614 firmware/1.0.3.6
- canonical/grandstream grp2614
- canonical/grandstream grp2615
- version/grandstream grp2615/1.0.3.6
- canonical/grandstream grp2616 firmware
- version/grandstream grp2616 firmware/1.0.3.6
- canonical/grandstream grp2616