CVE-2025-28170

High CVSS: 7.6

Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.

Vendor

Grandstream

Product

Gxp1628 Firmware

CWE

CWE-548

Yayın Tarihi

2025-07-29 17:15:32

Güncelleme

2025-08-06 20:46:32

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-548 Gxp1628 Firmware HIGH Grandstream 2025

Referanslar

http://grandstream.com https://gist.github.com/Exek1el/928ea6fd06d3b48c1c91cfdc30317d8d

Benzer Kayıtlar

Critical

CVE-2026-2329

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A…

Medium

CVE-2025-28171

An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the…

Medium

CVE-2025-28172

Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Att…