Vulnerabilities > Grandstream > Wave > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-21 CVE-2016-1519 Improper Certificate Validation vulnerability in Grandstream Wave 1.0.1.26
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.
network
high complexity
grandstream CWE-295
5.9