CVE-2026-2329

Critical CVSS: 9.3

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Vendor

Grandstream

Product

Gxp1610 Firmware

CWE

CWE-121

Yayın Tarihi

2026-02-18 15:18:44

Güncelleme

2026-02-20 20:57:50

Source Identifier

cve@rapid7.com

KEV Date Added

Kategoriler

CWE-121 Gxp1610 Firmware CRITICAL Grandstream 2026

Referanslar

https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf https://github.com/rapid7/metasploit-framework/pull/20983 https://psirt.grandstream.com/ https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed

Benzer Kayıtlar

High

CVE-2025-28170

Grandstream Networks GXP1628

Medium

CVE-2025-28171

An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the…

Medium

CVE-2025-28172

Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Att…