3 matches found
CVE-2016-1518
CVE-2016-1518 affects the Grandstream Wave app (Android, versions up to 1.0.1.26 and earlier) and Grandstream Video IP phones. The root cause is failure to use HTTPS when downloading provisioning/configuration data from http://fm.grandstream.com/gs/, enabling a man-in-the-middle to spoof provisio...
CVE-2016-1520
The CVE-2016-1520 issue affects the Grandstream Wave Android app (1.0.1.26 and earlier). The root cause is that update information is retrieved over HTTP instead of HTTPS, enabling a man-in-the-middle to craft updates and potentially execute arbitrary code on the device. Public details indicate t...
CVE-2016-1519
Affected software: Grandstream Wave app for Android (package com.softphone.common), versions up to and including 1.0.1.26. Vulnerability: Improper SSL certificate validation in the app’s provisioning flow. Impact: Enables MITM attackers to spoof the Grandstream provisioning server via a crafted c...