Vulnerabilities > CVE-2016-1520 - 7PK - Security Features vulnerability in Grandstream Wave
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/136291/grandstream-redir.txt |
| id | PACKETSTORM:136291 |
| last seen | 2016-12-05 |
| published | 2016-03-18 |
| reporter | Georg Lukas |
| source | https://packetstormsecurity.com/files/136291/Grandstream-Wave-1.0.1.26-Update-Redirection.html |
| title | Grandstream Wave 1.0.1.26 Update Redirection |