Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGrandstream Gxp1610
HWGrandstreamwszystkie wersjeGrandstream Gxp1610 Firmware
OSGrandstream1.0.4.128Grandstream Gxp1615
HWGrandstreamwszystkie wersjeGrandstream Gxp1615 Firmware
OSGrandstream1.0.4.128Grandstream Gxp1620
HWGrandstreamwszystkie wersjeGrandstream Gxp1620 Firmware
OSGrandstream1.0.4.128Grandstream Gxp1625
HWGrandstreamwszystkie wersjeGrandstream Gxp1625 Firmware
OSGrandstream1.0.4.128Grandstream Gxp1628
HWGrandstreamwszystkie wersjeGrandstream Gxp1628 Firmware
OSGrandstream1.0.4.128Grandstream Gxp1630
HWGrandstreamwszystkie wersjeGrandstream Gxp1630 Firmware
OSGrandstream1.0.4.128
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Powiązane podatności
CVE-2026-2329CRITICAL9.3PL ✓ten sam produkt
Krytyczny stack-based buffer overflow w telefonach VoIP Grandstream GXP16xx
CVE-2018-17564CRITICAL9.8ten sam produkt
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers t...
CVE-2025-28170HIGH7.6ten sam produkt
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured w...
CVE-2020-5738HIGH8.8ten sam produkt
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command executio...
CVE-2020-5739HIGH8.8ten sam produkt
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command executio...