CVE-2025-28172

MEDIUM

Grandstream Ucm6510 Firmware < 1.0.20.52 - Brute Force

Title source: rule

Description

Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack.

References (2)

[Product] http://grandstream.com

[Third Party Advisory] https://gist.github.com/Exek1el/6291185a87c98d4229181212b2bd5cdf

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 17.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-307

Status published

Products (1)

grandstream/ucm6510_firmware < 1.0.20.52

Published Jul 29, 2025

Tracked Since Feb 18, 2026