Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

GXP1630

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2026-2329
Assigner-Rapid7, Inc.
ShareView Details
Assigner-Rapid7, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.09% / 25.71%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 14:08
Updated-20 Feb, 2026 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Action-Not Available
Vendor-grandstreamGrandstream
Product-gxp1630gxp1615_firmwaregxp1610gxp1615gxp1628gxp1628_firmwaregxp1610_firmwaregxp1620gxp1620_firmwaregxp1625gxp1630_firmwaregxp1625_firmwareGXP1628GXP1630GXP1615GXP1620GXP1625GXP1610
CWE ID-CWE-121
Stack-based Buffer Overflow