CVE-2025-28172: Grandstream UCM6510 Vulnerable to Brute-Force Attacks
Grandstream Networks UCM6510 devices are susceptible to brute-force attacks due to a lack of proper restrictions on authentication attempts. This vulnerability, identified as CVE-2025-28172, allows attackers to repeatedly attempt logins with various passwords, potentially gaining unauthorized access to targeted accounts.
Vulnerability Details
- CVE ID: CVE-2025-28172
- Description: Grandstream Networks UCM6510 v1.0.20.52 and earlier versions do not adequately restrict the number of authentication attempts, making them vulnerable to brute-force attacks.
- CVSS Score: 6.5 (Medium)
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- CVSS Explanation: This medium-severity vulnerability allows an unauthenticated remote attacker to gain limited access to confidential data and to modify some data. No user interaction is required. The vector records no availability impact, so system services are not affected.
- Exploit Requirements: The attacker needs network access to the UCM6510 device. No user interaction is required.
- Affected Vendor: Grandstream Networks
- Affected Product: UCM6510
- Affected Version: v1.0.20.52 and earlier
- CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts
- CWE Explanation: CWE-307 describes a weakness where a system allows an unlimited or excessive number of authentication attempts, increasing the likelihood of successful brute-force attacks.
Timeline of Events
- Discovered: Unknown
- Reported: Unknown
- CVE Assigned: 2025-07-29
- Published: 2025-07-29
Exploitability & Real-World Risk
The lack of proper rate limiting on authentication attempts makes the Grandstream UCM6510 highly vulnerable to automated brute-force attacks. Attackers can use readily available tools to systematically try various password combinations until they successfully gain access. This can lead to unauthorized access to sensitive VoIP configurations, call logs, and potentially allow attackers to make fraudulent calls or eavesdrop on communications. Given the widespread use of UCM6510 in business environments, the risk is significant.
Recommendations
- Apply the latest firmware update: Check the Grandstream website for firmware updates that address this vulnerability.
- Implement strong password policies: Enforce the use of strong, unique passwords for all user accounts.
- Enable account lockout: Configure the UCM6510 to automatically lock out accounts after a certain number of failed login attempts.
- Monitor login attempts: Regularly review login logs for suspicious activity.
- Segment the network: Isolate the UCM6510 on a separate network segment to limit the impact of a potential breach.
- Use Multi-Factor Authentication (MFA): If supported, enable MFA for an additional layer of security.
Technical Insight
The vulnerability stems from the UCM6510's failure to track and limit the number of failed login attempts, so its password protection can be defeated by repeated guessing. An attacker who sends a large number of authentication requests with different credentials will eventually hit a valid password and gain unauthorized access.
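The missing control, shown as an added example (not Grandstream's or the UCM6510's code): a failed-attempt tracker that locks both the account and the source address after repeated failures inside a time window, which is the restriction CWE-307 calls for. The thresholds, the in-memory store and the `verify` callback are assumptions, not UCM6510 behaviour.

```python
"""Failed-login tracking with lockout, the control CWE-307 describes as absent.
Added example; thresholds and the in-memory store are assumptions."""
from collections import deque
import time


class AuthAttemptLimiter:
    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures = max_failures   # failures tolerated inside `window` seconds
        self.window = window
        self.lockout = lockout             # seconds an account/source stays locked
        self.clock = clock                 # injectable clock for deterministic tests
        self._failures = {}                # key -> deque of failure timestamps
        self._locked_until = {}            # key -> time at which the lock expires

    def _keys(self, account, source):
        # Per-account tracking alone lets a remote party lock out legitimate users,
        # so the source address is tracked too and every lock is time-bounded.
        return (("account", account), ("source", source))

    def is_locked(self, account, source):
        now = self.clock()
        return any(now < self._locked_until.get(k, 0) for k in self._keys(account, source))

    def record(self, account, source, success):
        """Update counters after an attempt; return True if a new lock was applied."""
        now = self.clock()
        if success:
            for k in self._keys(account, source):
                self._failures.pop(k, None)   # a real login clears the failure history
            return False
        locked = False
        for k in self._keys(account, source):
            q = self._failures.setdefault(k, deque())
            while q and now - q[0] > self.window:   # drop failures outside the window
                q.popleft()
            q.append(now)
            if len(q) >= self.max_failures:
                self._locked_until[k] = now + self.lockout
                q.clear()
                locked = True
        return locked


def login(limiter, account, password, source, verify):
    """Gate the credential check behind the limiter; `verify` is the real password check.
    Locked attempts are refused before the password is examined, so guessing yields nothing."""
    if limiter.is_locked(account, source):
        return "locked"
    ok = verify(account, password)
    limiter.record(account, source, ok)
    return "ok" if ok else "denied"
```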
Credit to Researcher(s)
This vulnerability was discovered by an independent researcher. The researcher's name may be given in later disclosures.
Summary: Grandstream UCM6510 devices running v1.0.20.52 and earlier are vulnerable to brute-force attacks due to insufficient authentication attempt restrictions, potentially allowing attackers to gain unauthorized access to sensitive VoIP configurations and make fraudulent calls. Apply the latest firmware updates and enforce strong password policies to mitigate this risk.
CVE ID: CVE-2025-28172
Risk Analysis: Successful exploitation allows unauthorized access to VoIP configurations, call logs, and potentially fraudulent calls, impacting confidentiality and integrity.
Recommendation: Apply firmware updates, enforce strong passwords, enable account lockout, monitor login attempts, segment the network, and use multi-factor authentication if supported.
Timeline
- 2025-07-29: CVE-2025-28172 Published