Vulnerabilities > CVE-2016-1520 - 7PK - Security Features vulnerability in Grandstream Wave 1.0.1.26

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

grandstream

CWE-254

NVD

Published: 2017-04-21

Updated: 2018-10-09

Summary

The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.

Vulnerable Configurations

Part	Description	Count
Application	Grandstream Grandstream Wave 1.0.1.26	1

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Packetstorm

data source	https://packetstormsecurity.com/files/download/136291/grandstream-redir.txt
id	PACKETSTORM:136291
last seen	2016-12-05
published	2016-03-18
reporter	Georg Lukas
source	https://packetstormsecurity.com/files/136291/Grandstream-Wave-1.0.1.26-Update-Redirection.html
title	Grandstream Wave 1.0.1.26 Update Redirection

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References