PT-2025-31219 · Grandstream · Grandstream Ucm6510

Exek1El

Published

2025-07-29

Updated

2025-07-29

CVE-2025-28171

CVSS v3.1

6.5

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

Grandstream UCM6510 versions prior to 1.0.20.53

Description:

An issue allows a remote attacker to obtain sensitive information via the Login function. The vulnerable endpoints are `/cgi` and `/webrtccgi`.

Recommendations:

Update to version 1.0.20.53 or later.

Fix

Insecure Storage of Sensitive Information

Weakness Enumeration

CVE-2025-28171

Grandstream Ucm6510