CVE-2018-17564

CVE-2018-17564

EPSS 1.6%

A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://grandstream.com/support/firmware https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/