Design/Logic Flaw

2019-04-0121:29:00

PRIOn knowledge base

www.prio-n.com

9.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.

CPENameOperatorVersion
gxp1610_firmwareeq1.0.4.128
gxp1615_firmwareeq1.0.4.128
gxp1620_firmwareeq1.0.4.128
gxp1625_firmwareeq1.0.4.128
gxp1628_firmwareeq1.0.4.128
gxp1630_firmwareeq1.0.4.128

Name	Operator	Version
gxp1610_firmware	eq	1.0.4.128
gxp1615_firmware	eq	1.0.4.128
gxp1620_firmware	eq	1.0.4.128
gxp1625_firmware	eq	1.0.4.128
gxp1628_firmware	eq	1.0.4.128
gxp1630_firmware	eq	1.0.4.128