Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HGrandstream Gxp1610
HWGrandstreamwszystkie wersjeGrandstream Gxp1610 Firmware
OSGrandstream≤ 1.0.4.152Grandstream Gxp1615
HWGrandstreamwszystkie wersjeGrandstream Gxp1615 Firmware
OSGrandstream≤ 1.0.4.152Grandstream Gxp1620
HWGrandstreamwszystkie wersjeGrandstream Gxp1620 Firmware
OSGrandstream≤ 1.0.4.152Grandstream Gxp1625
HWGrandstreamwszystkie wersjeGrandstream Gxp1625 Firmware
OSGrandstream≤ 1.0.4.152Grandstream Gxp1628
HWGrandstreamwszystkie wersjeGrandstream Gxp1628 Firmware
OSGrandstream≤ 1.0.4.152Grandstream Gxp1630
HWGrandstreamwszystkie wersjeGrandstream Gxp1630 Firmware
OSGrandstream≤ 1.0.4.152
Related vulnerabilities
Krytyczny stack-based buffer overflow w telefonach VoIP Grandstream GXP16xx
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers t...
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones ...
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured w...
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command executio...