Lucene search
K

8 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/18 2:8 p.m.6 views

CVE-2026-2329

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...

9.8CVSS8.3AI score0.40014EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2025/12/08 8:16 a.m.4 views

CVE-2025-14186

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...

5.1CVSS5.4AI score0.00198EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/07 9:30 a.m.4 views

EUVD-2025-201595

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...

5.1CVSS5.1AI score0.00198EPSS
Exploits0References5
NVD
NVD
added 2025/12/07 8:15 a.m.5 views

CVE-2025-14186

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...

5.1CVSS0.00198EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/07 7:32 a.m.21 views

CVE-2025-14186 Grandstream GXP1625 Network Status api.values.post cross site scripting

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...

5.1CVSS0.00198EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/07 7:32 a.m.3 views

CVE-2025-14186 Grandstream GXP1625 Network Status api.values.post cross site scripting

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...

5.1CVSS5.2AI score0.00198EPSS
Exploits0References4
CVE
CVE
added 2025/12/07 7:32 a.m.10 views

CVE-2025-14186

CVE-2025-14186 affects Grandstream GXP1625 (firmware 1.0.7.4). The flaw is in the Network Status Page, file /cgi-bin/api.values.post, where manipulating the vpn_ip parameter triggers a basic cross-site scripting (XSS) vulnerability. Remote exploitation is possible, and the exploit has been public...

5.1CVSS5.2AI score0.00198EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/07 12:0 a.m.7 views

PT-2025-49397

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn ip results in basic cross site scripting. Remote exploitation of t...

5.1CVSS3.9AI score0.00198EPSS
Exploits0References5
Rows per page
Query Builder