CVE-2025-28172

{"id": "CVE-2025-28172", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-07-29T15:15:34.450", "references": [{"url": "http://grandstream.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/Exek1el/6291185a87c98d4229181212b2bd5cdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack."}, {"lang": "es", "value": "Grandstream Networks UCM6510 v1.0.20.52 y versiones anteriores son vulnerables a la restricci\u00f3n indebida de intentos de autenticaci\u00f3n excesivos. Un atacante puede realizar un n\u00famero arbitrario de intentos de autenticaci\u00f3n con diferentes contrase\u00f1as y, finalmente, obtener acceso a la cuenta objetivo mediante un ataque de fuerza bruta."}], "lastModified": "2025-08-06T20:53:49.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:ucm6510_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "133D6AB5-3DBD-49A0-A9C5-020E7DB4A4D7", "versionEndIncluding": "1.0.20.52"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:ucm6510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "03A8A45C-184E-4B73-8161-EE6C05CCF26D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}