VYPR

GXP16XX

by Grandstream

CVEs (4)

  • CVE-2023-50015HigMar 9, 2024
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.

  • CVE-2018-17565Apr 1, 2019
    risk 0.00cvss epss 0.02

    Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.

  • CVE-2018-17564Apr 1, 2019
    risk 0.00cvss epss 0.02

    A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.

  • CVE-2018-17563Apr 1, 2019
    risk 0.00cvss epss 0.01

    A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext.