Gxp1628 Firmware Security Vulnerabilities and Issues — Gxp1628 Firmware CVE List

Lucene search

GrandstreamGxp1628 Firmware

5 matches found

CVE•added 2020/04/14 2:15 p.m.•51 views

CVE-2020-5738

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.

9CVSS8.7AI score0.06813EPSS

CVE•added 2019/04/01 9:29 p.m.•44 views

CVE-2018-17565

Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.

10CVSS9.8AI score0.00614EPSS

CVE•added 2020/04/14 2:15 p.m.•44 views

CVE-2020-5739

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined...

9CVSS8.7AI score0.0327EPSS

CVE•added 2019/04/01 9:29 p.m.•36 views

CVE-2018-17563

A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext.

5.3CVSS5.2AI score0.0017EPSS

CVE•added 2019/04/01 9:29 p.m.•34 views

CVE-2018-17564

A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.

9.8CVSS9.4AI score0.00518EPSS