A series of unauthenticated and authenticated remote code-execution vulnerabilities has been uncovered in a variety of Grandstream products for small to medium-sized businesses. The vulnerabilities can be exploited in a few ways, according to Trustwave SpiderLabs research. Attackers can also use the vulnerabilities to gain access to cameras and microphones and turn them into listening devices. More than 135,000 of these devices are publicly exposed and quickly searchable on Shodan, and a large subset of them are vulnerable.
Source: https://threatpost.com/grandstream-bugs-smbs-attacks/143141/

