HIGH🇵🇱 Wersja polska

CVE-2020-5739

CVSS 8.8v3.1pub. 2020-04-14upd. 2024-11-21

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Grandstream Gxp1610

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Gxp1610 Firmware

    OS
    Grandstream
    ≤ 1.0.4.152
  • Grandstream Gxp1615

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Gxp1615 Firmware

    OS
    Grandstream
    ≤ 1.0.4.152
  • Grandstream Gxp1620

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Gxp1620 Firmware

    OS
    Grandstream
    ≤ 1.0.4.152
  • Grandstream Gxp1625

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Gxp1625 Firmware

    OS
    Grandstream
    ≤ 1.0.4.152
  • Grandstream Gxp1628

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Gxp1628 Firmware

    OS
    Grandstream
    ≤ 1.0.4.152
  • Grandstream Gxp1630

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Gxp1630 Firmware

    OS
    Grandstream
    ≤ 1.0.4.152
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
VPN
CWE
References

Related vulnerabilities

CVE-2026-2329CRITICAL9.3PL ✓ten sam produkt

Krytyczny stack-based buffer overflow w telefonach VoIP Grandstream GXP16xx

CVE-2018-17564CRITICAL9.8ten sam produkt

A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers t...

CVE-2018-17565CRITICAL9.8ten sam produkt

Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones ...

CVE-2025-28170HIGH7.6ten sam produkt

Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured w...

CVE-2020-5738HIGH8.8ten sam produkt

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command executio...