A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGrandstream Gxp1610
HWGrandstreamwszystkie wersjeGrandstream Gxp1610 Firmware
OSGrandstream1.0.4.128Grandstream Gxp1615
HWGrandstreamwszystkie wersjeGrandstream Gxp1615 Firmware
OSGrandstream1.0.4.128Grandstream Gxp1620
HWGrandstreamwszystkie wersjeGrandstream Gxp1620 Firmware
OSGrandstream1.0.4.128Grandstream Gxp1625
HWGrandstreamwszystkie wersjeGrandstream Gxp1625 Firmware
OSGrandstream1.0.4.128Grandstream Gxp1628
HWGrandstreamwszystkie wersjeGrandstream Gxp1628 Firmware
OSGrandstream1.0.4.128Grandstream Gxp1630
HWGrandstreamwszystkie wersjeGrandstream Gxp1630 Firmware
OSGrandstream1.0.4.128
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2026-2329CRITICAL9.3PL ✓ten sam produkt
Krytyczny stack-based buffer overflow w telefonach VoIP Grandstream GXP16xx
CVE-2018-17565CRITICAL9.8ten sam produkt
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones ...
CVE-2025-28170HIGH7.6ten sam produkt
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured w...
CVE-2020-5738HIGH8.8ten sam produkt
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command executio...
CVE-2020-5739HIGH8.8ten sam produkt
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command executio...