CVE-2025-28172
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-06
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| grandstream | ucm6510_firmware | up to and including 1.0.20.52 |
| grandstream | ucm6510 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-28172 is an improper restriction of excessive authentication attempts (CWE-307) in Grandstream UCM6510 devices running firmware up to and including 1.0.20.52. The device applies no effective lockout or rate limiting to login attempts, so an attacker can keep guessing passwords without limit. In addition, the login flow answers differently depending on whether the supplied username exists, which lets an attacker enumerate valid accounts before starting to guess. [1]
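The two behaviours described above, shown side by side in an added illustration (this is not Grandstream's firmware code; the page does not describe how the device implements its login internally). The status values 0 and -37 and the field names challenge and remaining_num follow the page; the user store, the attacker wordlist, the per-source lockout policy and the injectable clock are assumptions made for the example:

```python
import hmac
import secrets
import time
from collections import defaultdict

# Constructed user store for the example; a real device keeps hashed credentials.
USERS = {"admin": "correct horse battery staple"}


class VulnerableAuth:
    """Models what the page describes: the challenge step answers status 0 plus a
    challenge for an existing user and status -37 plus a shrinking remaining_num
    for an unknown one (an enumeration oracle), and the login step never counts
    failures, so guessing can continue indefinitely."""

    def __init__(self):
        self.remaining_num = defaultdict(lambda: 5)   # assumed starting value

    def challenge(self, source, user):
        if user in USERS:
            return {"status": 0, "response": {"challenge": secrets.token_hex(8)}}
        self.remaining_num[user] -= 1
        return {"status": -37, "response": {"remaining_num": self.remaining_num[user]}}

    def login(self, source, user, password):
        if user in USERS and USERS[user] == password:
            return {"status": 0, "response": {"token": secrets.token_hex(16)}}
        return {"status": -1, "response": {}}         # no counter, no lockout


class HardenedAuth:
    """Same interface with CWE-307 addressed (assumed policy, not the vendor's):
    failures are counted per (source, username), the pair is locked for
    LOCK_SECONDS after MAX_ATTEMPTS, and unknown and known usernames get
    identical replies at every step."""
    MAX_ATTEMPTS = 5
    LOCK_SECONDS = 300

    def __init__(self, now=time.monotonic):
        self.now = now                      # injectable clock for testing
        self.failures = defaultdict(int)
        self.locked_until = {}

    def _locked(self, key):
        return self.locked_until.get(key, 0) > self.now()

    def challenge(self, source, user):
        key = (source, user.lower())
        if self._locked(key):
            return {"status": -1, "response": {}}
        # Always hand out a challenge so the reply does not reveal whether user exists.
        return {"status": 0, "response": {"challenge": secrets.token_hex(8)}}

    def login(self, source, user, password):
        key = (source, user.lower())
        if self._locked(key):
            return {"status": -1, "response": {}}
        stored = USERS.get(user, "")
        ok = user in USERS and hmac.compare_digest(stored.encode(), password.encode())
        if ok:
            self.failures.pop(key, None)
            return {"status": 0, "response": {"token": secrets.token_hex(16)}}
        self.failures[key] += 1
        if self.failures[key] >= self.MAX_ATTEMPTS:
            self.locked_until[key] = self.now() + self.LOCK_SECONDS
            self.failures.pop(key, None)
        return {"status": -1, "response": {}}         # same reply for wrong password and locked


def brute_force(auth, source, user, guesses):
    """Constructed attacker loop: try each guess and return the one that logged in."""
    for guess in guesses:
        if auth.login(source, user, guess)["status"] == 0:
            return guess
    return None


# Constructed wordlist: 50 wrong guesses followed by the real password.
GUESSES = [f"password{i}" for i in range(50)] + ["correct horse battery staple"]

if __name__ == "__main__":
    print("vulnerable:", brute_force(VulnerableAuth(), "203.0.113.7", "admin", GUESSES))
    print("hardened:  ", brute_force(HardenedAuth(), "203.0.113.7", "admin", GUESSES))
```

Keying the counter by (source, username) stops one host from guessing indefinitely without letting an attacker lock a real administrator out by hammering that username from elsewhere; a per-account cap with alerting on top of it covers guessing spread over many sources. The hardened challenge step answers identically for known and unknown names, which removes the oracle the page describes.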
How can this vulnerability impact me?
An attacker can keep submitting password guesses for an account without being slowed down or locked out, and can first confirm which usernames exist so that the guesses are aimed at real accounts. A successful guess gives access to the affected device, which can expose sensitive information and hand the attacker control over it. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Watch authentication traffic to the /cgi and /webrtccgi endpoints of the UCM6510. The tell-tale pattern is a burst of requests carrying action=challenge, especially with many different usernames from one source. The replies themselves expose the enumeration oracle: a valid username gets status code 0 together with a challenge value, while an invalid one gets status code -37 with a remaining_num value that decreases on each attempt. A device that keeps answering such requests normally no matter how many are sent, with no lockout or rate limiting ever taking effect, has the weakness. You can confirm this with curl or a similar HTTP tool by repeating the challenge request and comparing the replies, for example curl -X POST 'http://<device-ip>/cgi?action=challenge&user=<username>' once with a known and once with a made-up username, and then many times in a row with the same username. Run such probes only against devices you are authorized to test. [1]
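The checks described above, as an added example that is not part of the original page and not a Grandstream tool. It works offline on constructed data: a response classifier for the status 0/challenge and status -37/remaining_num replies the page names, a check that a run of challenge requests was never throttled, and a sliding-window detector over access-log lines. The JSON layout {"status": ..., "response": {...}} and the Combined Log Format of the sample lines are assumptions; the page only names the endpoints, the parameter and the status values:

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime

CHALLENGE_ENDPOINTS = ("/cgi", "/webrtccgi")

# Combined Log Format style access-log line (assumed; the page names only the
# endpoints and the action=challenge parameter to watch, not a log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<code>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def classify_challenge_response(body):
    """Classify one action=challenge reply the way the page describes it.
    The JSON shape {"status": ..., "response": {...}} is an assumption."""
    try:
        data = json.loads(body)
    except ValueError:
        return "unparseable"
    status = data.get("status")
    resp = data.get("response") or {}
    if status == 0 and resp.get("challenge"):
        return "valid_user"          # username exists
    if status == -37 and "remaining_num" in resp:
        return "invalid_user"        # username rejected, counter exposed
    return "unknown"


def enumeration_oracle_present(reply_known_user, reply_bogus_user):
    """True when a real and a made-up username get distinguishable replies."""
    return (classify_challenge_response(reply_known_user)
            != classify_challenge_response(reply_bogus_user))


def lockout_missing(replies, min_attempts=20):
    """Given replies to consecutive challenge requests for one username, report
    whether the device answered every one of them normally. A device with
    working lockout or rate limiting stops returning a classifiable reply at
    some point (error status, HTTP 429, refused connection)."""
    if len(replies) < min_attempts:
        return False                 # too few attempts to draw a conclusion
    return all(classify_challenge_response(r) in ("valid_user", "invalid_user")
               for r in replies)


def is_challenge_request(path):
    base, _, query = path.partition("?")
    return base in CHALLENGE_ENDPOINTS and "action=challenge" in query.split("&")


def username_from_path(path):
    _, _, query = path.partition("?")
    for kv in query.split("&"):
        key, _, value = kv.partition("=")
        if key == "user":
            return value
    return None


def challenge_bursts(log_lines, threshold=10, window_seconds=60):
    """Sliding-window count of action=challenge requests per source IP.
    Returns {ip: {"max_in_window": n, "distinct_users": m}} for sources that
    reached `threshold` requests inside any `window_seconds` window; a high
    distinct_users count on top of that points at username enumeration."""
    per_ip = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not is_challenge_request(m["path"]):
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        per_ip[m["ip"]].append((ts, username_from_path(m["path"])))

    flagged = {}
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        recent, peak = deque(), 0
        for ts, _ in events:
            recent.append(ts)
            while (ts - recent[0]).total_seconds() > window_seconds:
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            flagged[ip] = {"max_in_window": peak,
                           "distinct_users": len({u for _, u in events if u})}
    return flagged


# Constructed sample data: two replies and a log with one normal login plus one burst.
KNOWN_USER_REPLY = '{"response": {"challenge": "1f3a9c7e5b2d4680"}, "status": 0}'
BOGUS_USER_REPLY = '{"response": {"remaining_num": 4}, "status": -37}'
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jul/2025:10:14:58 +0000] "POST /cgi?action=challenge&user=admin HTTP/1.1" 200 87',
    '192.0.2.10 - - [29/Jul/2025:10:14:59 +0000] "POST /cgi?action=login&user=admin HTTP/1.1" 200 120',
] + [
    f'203.0.113.7 - - [29/Jul/2025:10:15:{i:02d} +0000] '
    f'"POST /webrtccgi?action=challenge&user=user{i} HTTP/1.1" 200 64'
    for i in range(12)
]

if __name__ == "__main__":
    print(challenge_bursts(SAMPLE_LOG))
```

Feed challenge_bursts the access log of whatever sits in front of the device (a reverse proxy or a network sensor reconstructing HTTP), since the device's own logging may not record these requests; tune threshold and window to the site's normal login volume. The two reply-based checks take the bodies you collect with the curl probes above.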
What immediate steps should I take to mitigate this vulnerability?
Update the UCM6510 to firmware 1.0.20.53 or later; for UCM630X devices, update to 1.0.29.11 or later. These releases, available from Grandstream's support website, add brute-force protection and lockout to the login flow. Until the update is applied, limit who can reach the device's web management interface (the /cgi and /webrtccgi endpoints) by restricting it to trusted management networks, since the weakness is exposed to anyone who can send login requests to it. [1]