Vulnerabilities > CVE-2018-17564 - Unspecified vulnerability in Grandstream products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

grandstream

critical

NVD

Published: 2019-04-01

Updated: 2020-08-24

Summary

A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.

Vulnerable Configurations

Part	Description	Count
OS	Grandstream Grandstream Gxp1610 Firmware 1.0.4.128 Grandstream Gxp1615 Firmware 1.0.4.128 Grandstream Gxp1620 Firmware 1.0.4.128 Grandstream Gxp1625 Firmware 1.0.4.128 Grandstream Gxp1628 Firmware 1.0.4.128 Grandstream Gxp1630 Firmware 1.0.4.128	6
Hardware	Grandstream Grandstream Gxp1610 - Grandstream Gxp1615 - Grandstream Gxp1620 - Grandstream Gxp1625 - Grandstream Gxp1628 - Grandstream Gxp1630 -	6

References

http://grandstream.com/support/firmware
https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/