Grandstream security vulnerability in the UCM series firmware

Grandstream posted this today…

A security vulnerability has recently been discovered in the UCM series IP PBX firmware version 1.0.14.23 or older. We highly recommend that any UCM customer upgrade their firmware version to 1.0.14.24 or 1.0.15.13 as soon as possible in order to install a permanent fix to this issue.

The security vulnerability affects the UCM6100 series, UCM6200 series, and UCM6510. For more information on the details behind the security issue please read the special security bulletin below.

Grandstream Security Bulletin GS17-003

To upgrade your firmware, please visit the firmware page below and install either 1.0.14.24 (official release) or 1.0.15.13 (currently a beta release).

Grandstream Firmware Page

If you are not familiar with how to upgrade the firmware, please see below for a link to each UCM series user manual:

UCM6100 User Manualpage 349

UCM6200 User Manual page 336

UCM6510 User Manualpage 364

For additional support resources please see the options below. If you are opening a Help Desk ticket please be sure to log in with your ResellerConnect credentials to receive priority technical support.

Help Desk

Grandstream Forums

UCM Security Manual

The post Grandstream security vulnerability in the UCM series firmware appeared first on Steve Discher.


Source: Blog

Steve Discher

Steve Discher was born in Apple Valley, California and today makes his home in College Station, Texas with his wife and three children. He is a 1987 graduate of Texas A-M University and owns ISP Supplies, a wireless distribution company, and conducts MikroTik training classes. His hobbies include flying his Piper Cub and RV camping with his family.

Recent Posts

  • Creating Trunk and Access Ports on MikroTik CRS3xx Series Switches

    The switch menu and configuration interface is significantly different on the CRS3xx versus the CRS1xx or CRS2xx series switches and if you are trying to configure VLANs, the process is totally different. Here is a quick HowTo for configuring VLANs …

  • Ubiquiti Unifi Video NVR Upgrade Fails

    Yesterday I got tired of the nagging “Update Available” on my Ubiquiti Video NVR so I went through the upgrade process in the web GUI. It failed with Error 400. I tried several times, several browsers, same error. I then …

  • Using MikroTik LHG as a UE With a Baicells eNodeB

    This has been a dream for a long time, and a DIY project for those industrious individuals willing to cobble it together, but now it is a reality in a production device. First of all why would you want to …

See More News