CVE-2025-28171

MEDIUM EPSS 30.0%

Published Jul 29, 202511mo ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Jul 29, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.

CVSS Details

Base Score

6.5

Exploitability

3.9

Impact

2.5

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

30.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-922

Affected Products 2

Vendor	Product	Version	Range
grandstream	ucm6510_firmware	*	≤1.0.20.52
grandstream	ucm6510	*	any

References 3

grandstream.com http://grandstream.com

Product
ucm65xx.com http://ucm65xx.com

Broken Link
gist.github.com https://gist.github.com/Exek1el/a1fe4288f0df0a47068d618579c6b647

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.