CVE-2020-25217
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
Date published : 2021-03-29
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0001/FEYE-2021-0001.md