Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25218
Reference (s):
- https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0002/FEYE-2021-0002.md