CVE-2018-17565

2019-04-0120:51:32

mitre

www.cve.org

10 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.

References

grandstream.com/support/firmware

iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/