CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

507 matches found

Grandstream UCM6200 - SQL Injection

Grandstream UCM6200 series contains an unauthenticated remote SQL injection caused by crafted HTTP requests, letting attackers execute shell commands as root on versions before 1.0.19.20 or inject HTML in emails before 1.0.20.17. id: CVE-2020-5722 info: name: Grandstream UCM6200 - SQL Injection...

10CVSS7.5AI score0.92735EPSS

Exploits8References2

Rapid7 Blog•added 2026/02/27 8:25 p.m.•10 views

Metasploit Wrap-Up 02/27/2026

No Prob-ollama This release brings some serious firepower with multiple new exploit modules and critical vulnerability support! The standout additions are the Ollama path traversal RCE CVE-2024-37032, a sophisticated exploit chaining arbitrary file writes into unauthenticated root RCE, and the...

9.9CVSS7.3AI score0.93747EPSS

Exploits17

Metasploit•added 2026/02/24 6:58 p.m.•196 views

GrandStream GXP1600 Gather Credentials

This gather module works against Grandstream GXP1600 series VoIP devices and can collect HTTP, SIP, and TR-069 credentials from a device. You can first leverage the exploit/linux/http/grandstreamgxp1600unauthrce exploit module to get a root session on a target GXP1600 series device before running...

5.8AI score

Exploits0

Metasploit•added 2026/02/24 6:58 p.m.•226 views

GrandStream GXP1600 proxy SIP traffic

This capture module works against Grandstream GXP1600 series VoIP devices and can reconfigure the device to use an arbitrary SIP proxy. You can first leverage the exploit/linux/http/grandstreamgxp1600unauthrce exploit module to get a root session on a target GXP1600 series device before running...

5.9AI score

Exploits0

Metasploit•added 2026/02/24 6:57 p.m.•349 views

GrandStream GXP1600 Unauthenticated Remote Code Execution

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...

9.8CVSS8.2AI score0.24822EPSS

Exploits2

Packet Storm•added 2026/02/24 12:0 a.m.•131 views

📄 GrandStream GXP1600 Unauthenticated Remote Code Execution

9.8CVSS7AI score0.24822EPSS

Exploits2

The Hacker News•added 2026/02/18 4:35 p.m.•4 views

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329 , carries a CVSS score of 9.3 out of a maximum of 10.0. It has been...

9.3CVSS7.5AI score0.24822EPSS

Exploits2

Rapid7 Blog•added 2026/02/18 2:15 p.m.•8 views

The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP

I don’t know about you, but when I think about “critical vulnerabilities,” I usually picture ransomware, data theft, or maybe a server falling over at 2 a.m. while someone frantically searches Slack for the last good backup. What I don’t picture is a scene straight out of a Cold War spy film...

9.8CVSS6.7AI score0.24822EPSS

Exploits2

Cvelist•added 2026/02/18 2:8 p.m.•20 views

CVE-2026-2329 Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow

9.3CVSS0.24822EPSS

Exploits2References4

CVE•added 2026/02/18 2:8 p.m.•11 views

CVE-2026-2329

The CVE-2026-2329 entry describes an unauthenticated stack-based buffer overflow in Grandstream GXP series devices (GXP1610/1615/1620/1625/1628/1630) at the HTTP API endpoint /cgi-bin/api.values.get, enabling unauthenticated RCE with root privileges. Affected models are explicitly listed; attack ...

9.8CVSS7AI score0.24822EPSS

Exploits2References4Affected Software1

Vulnrichment•added 2026/02/18 2:8 p.m.•3 views

CVE-2026-2329 Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow

9.3CVSS7AI score0.24822EPSS

Exploits2References4

ATTACKERKB•added 2026/02/18 2:8 p.m.•2 views

CVE-2026-2329

9.8CVSS8.3AI score0.24822EPSS

Exploits2References5

Rapid7 Blog•added 2026/02/18 2:0 p.m.•9 views

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

Overview Rapid7 Labs conducted a zero-day research project against the Grandstream GXP1600 series of Voice over Internet Protocol VoIP phones. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-2329. A remote attacker can...

9.8CVSS7.6AI score0.24822EPSS

Exploits2

CNNVD•added 2026/02/18 12:0 a.m.•4 views

Grandstream GXP series 安全漏洞

The Grandstream GXP series is a series of IP phones produced by the American company Grandstream. There are security vulnerabilities in the Grandstream GXP series. These vulnerabilities stem from an unauthenticated, stack-based buffer overflow vulnerability in the /cgi-bin/api.values.get HTTP API...

9.8CVSS8.1AI score0.24822EPSS

Exploits2References4

RedhatCVE•added 2026/01/09 12:37 p.m.•4 views

CVE-2023-50015

An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token...

8.8CVSS7.3AI score0.00306EPSS

Exploits0References1

RedhatCVE•added 2025/12/08 8:16 a.m.•1 views

CVE-2025-14186

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...

5.1CVSS5.4AI score0.00026EPSS

Exploits0References1