VYPR

GXP1625

by Grandstream

CVEs (3)

  • CVE-2025-28170HigJul 29, 2025
    risk 0.49cvss 7.6epss 0.00

    Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.

  • CVE-2025-14186LowDec 7, 2025
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn_ip results in basic cross site scripting. Remote…

  • CVE-2026-2329Feb 18, 2026
    risk 0.05cvss epss 0.40

    An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The…