Input validation

2019-04-0121:29:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device’s configuration in cleartext.

CPENameOperatorVersion
gxp1610_firmwareeq1.0.4.128
gxp1615_firmwareeq1.0.4.128
gxp1620_firmwareeq1.0.4.128
gxp1625_firmwareeq1.0.4.128
gxp1628_firmwareeq1.0.4.128
gxp1630_firmwareeq1.0.4.128

Name	Operator	Version
gxp1610_firmware	eq	1.0.4.128
gxp1615_firmware	eq	1.0.4.128
gxp1620_firmware	eq	1.0.4.128
gxp1625_firmware	eq	1.0.4.128
gxp1628_firmware	eq	1.0.4.128
gxp1630_firmware	eq	1.0.4.128