ByteOS Network

NVD Vulnerability Details :

CVE-2026-2329

Analyzed

Source-cve@rapid7.com

Published At-18 Feb, 2026 | 15:18

Updated At-20 Feb, 2026 | 20:57

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	9.3	CRITICAL	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 4.0

Base score: 9.3

Base severity: CRITICAL

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

grandstream>>gxp1610_firmware>>Versions before 1.0.7.81(exclusive)

cpe:2.3:o:grandstream:gxp1610_firmware:*:*:*:*:*:*:*:*

grandstream>>gxp1610>>-

cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:*

grandstream>>gxp1615_firmware>>Versions before 1.0.7.81(exclusive)

cpe:2.3:o:grandstream:gxp1615_firmware:*:*:*:*:*:*:*:*

grandstream>>gxp1615>>-

cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:*

grandstream>>gxp1620_firmware>>Versions before 1.0.7.81(exclusive)

cpe:2.3:o:grandstream:gxp1620_firmware:*:*:*:*:*:*:*:*

grandstream>>gxp1620>>-

cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:*

grandstream>>gxp1625_firmware>>Versions before 1.0.7.81(exclusive)

cpe:2.3:o:grandstream:gxp1625_firmware:*:*:*:*:*:*:*:*

grandstream>>gxp1625>>-

cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:*

grandstream>>gxp1628_firmware>>Versions before 1.0.7.81(exclusive)

cpe:2.3:o:grandstream:gxp1628_firmware:*:*:*:*:*:*:*:*

grandstream>>gxp1628>>-

cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:*

grandstream>>gxp1630_firmware>>Versions before 1.0.7.81(exclusive)

cpe:2.3:o:grandstream:gxp1630_firmware:*:*:*:*:*:*:*:*

grandstream>>gxp1630>>-

cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-121	Secondary	cve@rapid7.com

CWE ID: CWE-121

Type: Secondary

Source: cve@rapid7.com

References

Hyperlink	Source	Resource
https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf	cve@rapid7.com	Product Release Notes
https://github.com/rapid7/metasploit-framework/pull/20983	cve@rapid7.com	VDB Entry Patch
https://psirt.grandstream.com/	cve@rapid7.com	Vendor Advisory
https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed	cve@rapid7.com	Third Party Advisory VDB Entry

Hyperlink: https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf

Source: cve@rapid7.com

Resource:

Product

Release Notes

Hyperlink: https://github.com/rapid7/metasploit-framework/pull/20983

Source: cve@rapid7.com

Resource:

VDB Entry

Patch

Hyperlink: https://psirt.grandstream.com/

Source: cve@rapid7.com

Resource:

Vendor Advisory

Hyperlink: https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed

Source: cve@rapid7.com

Resource:

Third Party Advisory

VDB Entry

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History