GXP16XX
by Grandstream
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-50015 | Hig | 0.57 | 8.8 | 0.00 | Mar 9, 2024 | An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token. | ||
| CVE-2018-17565 | 0.00 | — | 0.02 | Apr 1, 2019 | Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. | |||
| CVE-2018-17564 | 0.00 | — | 0.02 | Apr 1, 2019 | A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. | |||
| CVE-2018-17563 | 0.00 | — | 0.01 | Apr 1, 2019 | A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext. |
- risk 0.57cvss 8.8epss 0.00
An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.
- CVE-2018-17565Apr 1, 2019risk 0.00cvss —epss 0.02
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.
- CVE-2018-17564Apr 1, 2019risk 0.00cvss —epss 0.02
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.
- CVE-2018-17563Apr 1, 2019risk 0.00cvss —epss 0.01
A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext.