CVE-2025-28172

Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://grandstream.com	Product
https://gist.github.com/Exek1el/6291185a87c98d4229181212b2bd5cdf	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:grandstream:ucm6510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:ucm6510:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-29 15:15

Updated : 2025-08-06 20:53

NVD link : CVE-2025-28172

Mitre link : CVE-2025-28172

CVE.ORG link : CVE-2025-28172

JSON object : View

Products Affected

grandstream

ucm6510_firmware
ucm6510

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

{"id": "CVE-2025-28172", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-07-29T15:15:34.450", "references": [{"url": "http://grandstream.com", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://gist.github.com/Exek1el/6291185a87c98d4229181212b2bd5cdf", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack."}, {"lang": "es", "value": "Grandstream Networks UCM6510 v1.0.20.52 y versiones anteriores son vulnerables a la restricci\u00f3n indebida de intentos de autenticaci\u00f3n excesivos. Un atacante puede realizar un n\u00famero arbitrario de intentos de autenticaci\u00f3n con diferentes contrase\u00f1as y, finalmente, obtener acceso a la cuenta objetivo mediante un ataque de fuerza bruta."}], "lastModified": "2025-08-06T20:53:49.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:ucm6510_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "133D6AB5-3DBD-49A0-A9C5-020E7DB4A4D7", "versionEndIncluding": "1.0.20.52"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:ucm6510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "03A8A45C-184E-4B73-8161-EE6C05CCF26D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}