17 matches found
CVE-2026-2329
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six...
CVE-2026-2329
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six...
CVE-2026-2329
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six...
CVE-2026-2329 Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six...
CVE-2026-2329
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six...
CVE-2026-2329
The CVE-2026-2329 entry describes an unauthenticated stack-based buffer overflow in Grandstream GXP series devices (GXP1610/1615/1620/1625/1628/1630) at the HTTP API endpoint /cgi-bin/api.values.get, enabling unauthenticated RCE with root privileges. Affected models are explicitly listed; attack ...
Grandstream GXP series security vulnerability
The Grandstream GXP series is a series of IP phones produced by the American company Grandstream. There are security vulnerabilities in the Grandstream GXP series. These vulnerabilities stem from an unauthenticated, stack-based buffer overflow vulnerability in the /cgi-bin/api.values.get HTTP API...
PT-2026-20432
Name of the Vulnerable Software and Affected Versions: Grandstream GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630 versions prior to 1.0.7.81. Description: A critical unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. This...
EUVD-2025-23024
Malicious code in bioql PyPI...
CVE-2025-28170
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files...
CVE-2025-28170
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files...
CVE-2025-28170
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files...
Grandstream GXP1628 security vulnerability
Grandstream GXP1628 is an IP phone from Grandstream USA. A security vulnerability exists in the Grandstream GXP1628 version 1.0.4.130 and earlier, which stems from improper access control and could lead to unauthorized access...
CVE-2025-28170
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files...
CVE-2025-28170
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files...
CVE-2025-28170
The CVE-2025-28170 entry concerns Grandstream Networks GXP1628 devices running version 1.0.4.130 or earlier. The root cause is Incorrect Access Control due to directory listing being enabled, which can permit unauthorized access to sensitive directories and files. Publicly available sources in th...
PT-2025-31221 · Grandstream Networks · Gxp1628
Name of the Vulnerable Software and Affected Versions: Grandstream Networks GXP1628 versions 1.0.4.130 and earlier Description: The Grandstream Networks GXP1628 device is susceptible to incorrect access control due to directory listing being enabled. This allows unauthorized access to sensitive...