16 matches found
CVE-2026-2329
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...
CVE-2026-2329
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...
CVE-2026-2329
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...
CVE-2026-2329 Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...
CVE-2026-2329
The CVE-2026-2329 entry describes an unauthenticated stack-based buffer overflow in Grandstream GXP series devices (GXP1610/1615/1620/1625/1628/1630) at the HTTP API endpoint /cgi-bin/api.values.get, enabling unauthenticated RCE with root privileges. Affected models are explicitly listed; attack ...
CVE-2026-2329
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...
Grandstream GXP series 安全漏洞
The Grandstream GXP series is a series of IP phones produced by the American company Grandstream. There are security vulnerabilities in the Grandstream GXP series. These vulnerabilities stem from an unauthenticated, stack-based buffer overflow vulnerability in the /cgi-bin/api.values.get HTTP API...
PT-2026-20432
Name of the Vulnerable Software and Affected Versions: Grandstream GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630 versions prior to 1.0.7.81. Description: A critical unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. This...
CVE-2025-14186
A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...
EUVD-2025-201595
A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...
CVE-2025-14186
A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...
CVE-2025-14186 Grandstream GXP1625 Network Status api.values.post cross site scripting
A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...
CVE-2025-14186 Grandstream GXP1625 Network Status api.values.post cross site scripting
A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...
CVE-2025-14186
CVE-2025-14186 affects Grandstream GXP1625 (firmware 1.0.7.4). The flaw is in the Network Status Page, file /cgi-bin/api.values.post, where manipulating the vpn_ip parameter triggers a basic cross-site scripting (XSS) vulnerability. Remote exploitation is possible, and the exploit has been public...
Grandstream GXP1625 安全漏洞
The Grandstream GXP1625 is an enterprise IP phone from Grandstream USA. A security vulnerability exists in the Grandstream GXP1625 version 1.0.7.4, which originates from an incorrect manipulation of the parameter vpnip in the file /cgi-bin/api.values.post in the component Network Status Page, whi...
PT-2025-49397
A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn ip results in basic cross site scripting. Remote exploitation of t...