High severity8.1NVD Advisory· Published Apr 21, 2017· Updated May 13, 2026

CVE-2016-1518

Description

The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/136280/Grandstream-Wave-1.0.1.26-Man-In-The-Middle.htmlnvdThird Party AdvisoryVDB Entry
rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1518-insecure-provisioning.pdfnvdThird Party Advisory
www.securityfocus.com/archive/1/537818/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000