An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.
History

Wed, 06 Aug 2025 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Grandstream
Grandstream ucm6510
Grandstream ucm6510 Firmware
CPEs cpe:2.3:h:grandstream:ucm6510:-:*:*:*:*:*:*:*
cpe:2.3:o:grandstream:ucm6510_firmware:*:*:*:*:*:*:*:*
Vendors & Products Grandstream
Grandstream ucm6510
Grandstream ucm6510 Firmware

Tue, 29 Jul 2025 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-922
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 29 Jul 2025 15:45:00 +0000

Type Values Removed Values Added
Description An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-07-29T00:00:00.000Z

Updated: 2025-07-29T18:27:11.802Z

Reserved: 2025-03-11T00:00:00.000Z

Link: CVE-2025-28171

cve-icon Vulnrichment

Updated: 2025-07-29T18:27:05.245Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-29T16:15:24.287

Modified: 2025-08-06T20:48:13.240

Link: CVE-2025-28171

cve-icon Redhat

No data.