CVE-2025-28171
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-06
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| grandstream | ucm6510_firmware | up to and including 1.0.20.52 |
| grandstream | ucm6510 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-922 | The product stores sensitive information without properly limiting read or write access by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-28171 is a user enumeration vulnerability in the Grandstream UCM6510 VoIP device (firmware up to 1.0.20.52). It allows a remote attacker to determine valid usernames by sending specially crafted requests to the /cgi and /webrtccgi login endpoints. The system responds with different status codes depending on whether a username exists, enabling attackers to identify valid users. This can facilitate further attacks like brute force or account takeover. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to enumerate valid usernames on your Grandstream UCM6510 device. Knowing valid usernames makes it easier for attackers to perform brute force attacks or attempt account takeovers, potentially leading to unauthorized access to your VoIP system and sensitive information. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending HTTP requests to the /cgi and /webrtccgi endpoints of the Grandstream UCM6510 device with the "action" parameter set to "challenge" or "login" and comparing the response codes. With "action=challenge", a response with status code 0 and a challenge value indicates a valid user, while status code -37 indicates that no such user exists. With "action=login", status code -37 indicates a valid user and -6 indicates no such user. These discrepancies in response codes are what allow valid usernames to be distinguished from invalid ones. The checks can be performed with curl or any similar HTTP client by sending the requests and observing the responses. [1]
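On the device-owner side, the same discrepancy shows up in web-server logs as one source probing many different usernames against /cgi or /webrtccgi in a short span. The following is an added defender-side example, not part of this advisory: it parses constructed access-log lines and flags sources that probe several distinct usernames within a time window. The combined log format and the "user" query-parameter name are assumptions; only the endpoints and the "action" parameter come from the advisory.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format assumed). The "user"
# parameter name is an assumption; the advisory names only the endpoints and "action".
SAMPLE_LOG = """\
203.0.113.5 - - [29/Jul/2025:10:00:01 +0000] "GET /cgi?action=challenge&user=alice HTTP/1.1" 200 77
203.0.113.5 - - [29/Jul/2025:10:00:02 +0000] "GET /cgi?action=challenge&user=bob HTTP/1.1" 200 77
203.0.113.5 - - [29/Jul/2025:10:00:02 +0000] "GET /webrtccgi?action=login&user=carol HTTP/1.1" 200 61
203.0.113.5 - - [29/Jul/2025:10:00:04 +0000] "GET /cgi?action=challenge&user=dave HTTP/1.1" 200 77
198.51.100.9 - - [29/Jul/2025:10:00:05 +0000] "GET /cgi?action=challenge&user=alice HTTP/1.1" 200 77
198.51.100.9 - - [29/Jul/2025:10:00:09 +0000] "GET /cgi?action=login&user=alice HTTP/1.1" 200 61
198.51.100.9 - - [29/Jul/2025:10:00:10 +0000] "GET /static/logo.png HTTP/1.1" 200 9001
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*"')
WATCHED_PATHS = {"/cgi", "/webrtccgi"}
WATCHED_ACTIONS = {"challenge", "login"}


def parse_login_probe(line):
    """Return (ip, timestamp, username) for a challenge/login request to a
    watched endpoint, or None for any other log line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    qs = parse_qs(url.query)
    if url.path not in WATCHED_PATHS or "user" not in qs \
            or not set(qs.get("action", [])) & WATCHED_ACTIONS:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), qs["user"][0]


def enumeration_suspects(log_text, min_users=3, window_s=60):
    """Flag source IPs that probe at least min_users distinct usernames within
    any window_s-second span. Returns {ip: sorted list of usernames probed}."""
    probes = defaultdict(list)
    for line in log_text.splitlines():
        hit = parse_login_probe(line)
        if hit:
            probes[hit[0]].append(hit[1:])
    suspects = {}
    for ip, events in probes.items():
        events.sort()  # (timestamp, user) pairs in time order
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if (t - start).total_seconds() <= window_s}
            if len(users) >= min_users:
                suspects[ip] = sorted(users)
                break
    return suspects
```

A single user retrying their own login (the second source above) is not flagged; tune min_users and window_s to the normal login volume on your system.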
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the firmware update released by Grandstream that addresses this vulnerability. For the UCM6510 device, update the firmware to version 1.0.20.53. This update prevents user enumeration through the /cgi and /webrtccgi endpoints. Official firmware updates are available on Grandstream's support website. [1]