High severity7.8NVD Advisory· Published Apr 21, 2017· Updated Jun 17, 2026
CVE-2016-1520
CVE-2016-1520
Description
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.
Affected products
2cpe:2.3:a:grandstream:wave:*:*:*:*:*:android:*:*+ 1 more
- cpe:2.3:a:grandstream:wave:*:*:*:*:*:android:*:*range: <=1.0.1.26
- (no CPE)range: <=1.0.1.26
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/136291/Grandstream-Wave-1.0.1.26-Update-Redirection.htmlnvdThird Party AdvisoryVDB Entry
- rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1520-app-update-redirection.pdfnvdThird Party Advisory
- www.securityfocus.com/archive/1/537821/100/0/threadednvd
News mentions
0No linked articles in our index yet.