CVE-2024-0840
Published: 2024-04-29
Priority: P2 · 64 · high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.88% (54.5th percentile)
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnu | binutils | >= 0 < 2.34-6ubuntu1.10 | 2.34-6ubuntu1.10 |
| gnu | binutils | >= 0 < 2.38-4ubuntu2.7 | 2.38-4ubuntu2.7 |
| gnu | binutils | >= 0 < 2.42-4ubuntu2.4 | 2.42-4ubuntu2.4 |
| grandstream | ucm_series | < 1.0.20.52 | 1.0.20.52 |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv · 5.5 MEDIUM
OSV
binutils vulnerabilities
osv·2025-02-26·CVSS 5.5
CVE-2024-57360 binutils vulnerabilities
It was discovered that GNU binutils in nm tool is affected by an
incorrect access control. An attacker could possibly use this issue
to cause a crash. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04
LTS, and Ubuntu 24.10. (CVE-2024-57360)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2025-0840)
GHSA
GHSA-jg72-rmmw-hp49: The Grandstream UCM Series IP PBX before firmware version 1
ghsa_unreviewed·2024-04-29
CVE-2024-0840 [HIGH] CWE-141 GHSA-jg72-rmmw-hp49: The Grandstream UCM Series IP PBX before firmware version 1
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.
Suricata
GPL POP3 APOP overflow attempt
suricata·2010-09-23
CVE-2000-0840 GPL POP3 APOP overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"GPL POP3 APOP overflow attempt"; flow:established,to_server; content:"APOP"; nocase; isdataat:256,relative; pcre:"/^APOP\s[^\n]{256}/smi"; reference:bugtraq,1652; reference:cve,2000-0840; reference:cve,2000-0841; reference:nessus,10559; classtype:attempted-admin; sid:2101635; rev:15; metadata:created_at 2010_09_23, cve CVE_2000_0840, confidence Medium, signature_severity Major, updated_at 2024_03_08;)
No public exploits indexed.
No writeups or analysis indexed.
2024-04-29
Published