CVE-2018-17564

2019-04-0120:50:11

mitre

www.cve.org

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.7%

JSON

A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.

References

grandstream.com/support/firmware

iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/