VYPR
Unrated severityNVD Advisory· Published Feb 18, 2026· Updated Feb 18, 2026

Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow

CVE-2026-2329

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Grandstream/GXP1610v5
    Range: 0
  • Grandstream/GXP1615v5
    Range: 0
  • Grandstream/GXP1625cpe-rescue3 versions
    0+ 2 more
    • (no CPE)range: 0
    • (no CPE)range: 0
    • (no CPE)range: 0
  • Grandstream/GXP1630v5
    Range: 0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.