22 matches found
CVE-2023-50015
An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13 that allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token...
EUVD-2018-9316
Malware in sbrugna...
Grandstream IP Phones GXP14xx <= 1.0.8.9 / GXP16xx <= 1.0.7.70 Privilege Escalation Vulnerability (GSVUL-2023-001)
Grandstream GXP14xx and GXP16xx Series IP phones are prone to a privilege escalation vulnerability.
Design/Logic Flaw
An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13 that allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token...
CVE-2023-50015
An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13 that allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token...
CVE-2023-50015
CVE-2023-50015 affects Grandstream GXP14XX (1.0.8.9) and GXP16XX (1.0.7.13). The issue is an improper access control that lets remote attackers escalate privileges via an end-user session-identity token. • Impact: high (C, I, A all high). • Root cause: incorrect access control. • Remediation stat...
Grandstream GXP16xx Information Disclosure Vulnerability
The Grandstream GXP16xx VoIP is a 16XX series IP phone from Grandstream. An information disclosure vulnerability exists in /cgi-bin/api-getlinestatus in the Grandstream GXP16xx 1.0.4.128, which can be exploited by an attacker to dump the device's configuration in plaintext via a malformed input...
Grandstream GXP16xx Elevation of Privilege Vulnerability
The Grandstream GXP16xx VoIP is a 16XX series IP phone from Grandstream. An elevation of privilege vulnerability exists in /cgi-bin/deleteCA in Grandstream GXP16xx 1.0.4.128, which can be exploited to delete configuration parameters and gain administrator access to the device via a malformed inpu...
Grandstream GXP16xx Shell Metacharacter Injection Vulnerability
The Grandstream GXP16xx VoIP is a 16XX series IP phone from Grandstream. A shell metacharacter injection vulnerability exists in the SSH configuration interface of the Grandstream GXP16xx 1.0.4.128, which can be exploited by an attacker to execute arbitrary system commands and obtain a root shell...
CVE-2018-17564
A Malformed Input String to /cgi-bin/deleteCA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device...
CVE-2018-17565
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell...
CVE-2018-17564
A Malformed Input String to /cgi-bin/deleteCA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device...
CVE-2018-17565
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell...
CVE-2018-17563
A Malformed Input String to /cgi-bin/api-getlinestatus on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext...
CVE-2018-17563
A Malformed Input String to /cgi-bin/api-getlinestatus on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext...
Design/Logic Flaw
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell...
Input validation
A Malformed Input String to /cgi-bin/api-getlinestatus on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext...
CVE-2018-17565
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell...
CVE-2018-17565
The CVE-2018-17565 entry concerns a Shell Metacharacter Injection vulnerability in the SSH configuration interface of Grandstream GXP16xx VoIP phones (firmware 1.0.4.128). The vulnerability allows an attacker to execute arbitrary system commands and obtain a root shell. Public documents identify ...
CVE-2018-17564
A Malformed Input String to /cgi-bin/deleteCA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device...