Description
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.
Published: 2026-02-18
Score: 9.3 Critical
EPSS: 34.8% Moderate
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow exists in the HTTP API endpoint /cgi-bin/api.values.get on Grandstream VoIP phones. The vulnerability can be triggered without authentication and allows an attacker to execute arbitrary code with root privileges on the device.

Affected Systems

All six GXP series models—GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630—are affected.

Risk and Exploitability

The flaw carries a high severity CVSS score of 9.3 and an EPSS score of 35%, indicating a substantial likelihood of exploitation. While currently not listed in the CISA KEV catalog, the unauthenticated remote attack vector means any device exposed to the network can be targeted. An attacker can send a crafted HTTP request to the vulnerable endpoint, overflow the stack, and gain root-level code execution, fully compromising confidentiality, integrity, and availability of the VoIP phone.

Generated by OpenCVE AI on April 17, 2026 at 18:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update firmware to at least version 1.0.7.81, which contains the fix for the stack buffer overflow.
  • Configure network perimeter defenses to block or restrict inbound traffic to the HTTP API ports, effectively preventing unauthenticated access.
  • Monitor device logs for unusual API activity and verify that no unauthorized management sessions are established.

Generated by OpenCVE AI on April 17, 2026 at 18:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Feb 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Grandstream gxp1610 Firmware
Grandstream gxp1615 Firmware
Grandstream gxp1620 Firmware
Grandstream gxp1625 Firmware
Grandstream gxp1628 Firmware
Grandstream gxp1630 Firmware
CPEs cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:*
cpe:2.3:o:grandstream:gxp1610_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:grandstream:gxp1615_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:grandstream:gxp1620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:grandstream:gxp1625_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:grandstream:gxp1628_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:grandstream:gxp1630_firmware:*:*:*:*:*:*:*:*
Vendors & Products Grandstream gxp1610 Firmware
Grandstream gxp1615 Firmware
Grandstream gxp1620 Firmware
Grandstream gxp1625 Firmware
Grandstream gxp1628 Firmware
Grandstream gxp1630 Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 19 Feb 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Grandstream
Grandstream gxp1610
Grandstream gxp1615
Grandstream gxp1620
Grandstream gxp1625
Grandstream gxp1628
Grandstream gxp1630
Vendors & Products Grandstream
Grandstream gxp1610
Grandstream gxp1615
Grandstream gxp1620
Grandstream gxp1625
Grandstream gxp1628
Grandstream gxp1630

Wed, 18 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 18 Feb 2026 14:45:00 +0000

Type Values Removed Values Added
Description An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.
Title Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow
Weaknesses CWE-121
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Grandstream Gxp1610 Gxp1610 Firmware Gxp1615 Gxp1615 Firmware Gxp1620 Gxp1620 Firmware Gxp1625 Gxp1625 Firmware Gxp1628 Gxp1628 Firmware Gxp1630 Gxp1630 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published:

Updated: 2026-02-18T14:50:51.252Z

Reserved: 2026-02-11T09:26:52.179Z

Link: CVE-2026-2329

cve-icon Vulnrichment

Updated: 2026-02-18T14:50:45.570Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-18T15:18:44.173

Modified: 2026-02-20T20:57:50.360

Link: CVE-2026-2329

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T18:45:25Z

Weaknesses