CVE-2025-28172
MEDIUMGrandstream UCM6510 Firmware < 1.0.20.52 - Improper Restriction of Excessive Authentication Attempts
Title source: llmDescription
Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack.
References (2)
Core 2
Core References
Product
http://grandstream.com
Third Party Advisory
https://gist.github.com/Exek1el/6291185a87c98d4229181212b2bd5cdf
Scores
CVSS v3
6.5
EPSS
0.0027
EPSS Percentile
18.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-307
Status
published
Products (1)
grandstream/ucm6510_firmware
< 1.0.20.52
Published
Jul 29, 2025
Tracked Since
Feb 18, 2026