Critical Vulnerability Found in Grandstream VoIP Phones

Critical Vulnerability Found in Grandstream VoIP Phones

Posted on By CWS

A critical zero-day vulnerability, identified as CVE-2026-2329, has been discovered in Grandstream’s GXP1600 series VoIP desk phones. This issue allows remote attackers to execute root-level code on affected devices.

Understanding the Vulnerability

The vulnerability stems from an unauthenticated stack-based buffer overflow present in the phones’ firmware, which affects all six models within the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630. The flaw, rated as critical by Rapid7 with a CVSS v4.0 score of 9.3, is tied to CWE-121, indicating a stack-based buffer overflow vulnerability.

Technical Details of the Exploit

The vulnerability is located within the phone’s web service/API, specifically an API endpoint accessible via HTTP on port 80. Rapid7’s analysis pinpointed the issue at the endpoint /cgi-bin/api.values.get, where an attacker can craft a request that overflows a 64-byte stack buffer due to insufficient boundary checks.

Exploitation is facilitated by a Metasploit module, which targets the GXP1630 model among others, allowing unauthenticated attackers to gain root-level access. The exploit takes advantage of the absence of certain security mitigations, including the lack of stack canaries and position-independent executables (PIE), making the attack feasible and reliable.

Mitigation and Recommendations

In response to the vulnerability, Grandstream has issued firmware version 1.0.7.81 to mitigate the issue. Organizations using affected devices are strongly urged to update to this firmware version immediately to protect against potential exploitation.

The release notes from Grandstream, dated January 30, 2026, confirm that the update addresses several security vulnerabilities, underscoring the importance of applying the patch promptly. This update is crucial in securing the SIP infrastructure and preventing unauthorized call interceptions.

For continued updates on cybersecurity threats and solutions, follow us on Google News, LinkedIn, and X. If you have stories to feature, please contact us.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Better Auth API keys Vulnerability Let Attackers Create Privileged Credentials For Arbitrary Users Better Auth API keys Vulnerability Let Attackers Create Privileged Credentials For Arbitrary Users Cyber Security News
AI API Routers: Security Risks and Data Theft Concerns AI API Routers: Security Risks and Data Theft Concerns Cyber Security News
Hackers Exploiting GeoServer RCE Vulnerability to Deploy CoinMiner Hackers Exploiting GeoServer RCE Vulnerability to Deploy CoinMiner Cyber Security News
Critical ScreenConnect Flaw Puts Remote Sessions at Risk Critical ScreenConnect Flaw Puts Remote Sessions at Risk Cyber Security News
Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications Cyber Security News
New Forensic Technique Uncovers Hidden Trails Left by Hackers Exploiting RDP New Forensic Technique Uncovers Hidden Trails Left by Hackers Exploiting RDP Cyber Security News