CVE-2026-2329
Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow
An unauthenticated, stack-based buffer overflow exists in the HTTP API endpoint /cgi-bin/api.values.get of the Grandstream GXP1600 series. Because the endpoint is reachable without credentials, a remote attacker who can reach the phone's web interface can exploit it to execute code as root on the device. All six models in the series are affected: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628 and GXP1630. Grandstream has published fixed firmware; see the GXP16xx 1.0.7.81 release note under References.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
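Two checks a practitioner would want after reading the advisory: whether a given phone is in the affected series and still on a pre-fix build, and whether anything has been throwing unusually large requests at the vulnerable CGI endpoint. The following is an added example, not code from the advisory, from Grandstream or from the Rapid7 module. It assumes that 1.0.7.81 (the release note linked under References) is the first fixed firmware, which should be confirmed against the vendor PSIRT, and that a stack overflow reached through an HTTP endpoint is triggered by oversized request data, so the generic signal is an over-long request line to that path; the 256-byte threshold, the `q=` parameter and the log lines are all constructed for the example.

```python
"""Exposure checks for CVE-2026-2329 (Grandstream GXP1600 series).

Added example; not from the advisory, Grandstream or Rapid7.
Assumptions:
  * FIXED_FIRMWARE below is taken from the release-note filename in the
    advisory's references; verify with the vendor before relying on it.
  * An over-long request line to the vulnerable endpoint is used as a
    generic overflow indicator; the real trigger is not described here.
"""
import re
from typing import List, Tuple

FIXED_FIRMWARE = "1.0.7.81"               # assumption, see module docstring
VULNERABLE_ENDPOINT = "/cgi-bin/api.values.get"
AFFECTED_MODELS = {"GXP1610", "GXP1615", "GXP1620",
                   "GXP1625", "GXP1628", "GXP1630"}

# Combined/common log format: client, ident, user, [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.0.7.81' -> (1, 0, 7, 81); rejects anything that is not dotted integers."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {v!r}")
    return tuple(int(p) for p in parts)


def is_exposed(model: str, firmware: str, fixed: str = FIXED_FIRMWARE) -> bool:
    """True when the model is in the affected series and runs a build older than `fixed`.

    Tuple comparison is numeric per component, so 1.0.7.9 < 1.0.7.81 as intended.
    """
    if model.strip().upper() not in AFFECTED_MODELS:
        return False
    return parse_version(firmware) < parse_version(fixed)


def suspicious_requests(log_lines: List[str], max_target_len: int = 256) -> List[Tuple[str, int]]:
    """Return (source_ip, request_target_length) for each request whose path is the
    vulnerable endpoint and whose full target (path + query) exceeds max_target_len.
    Lines that do not parse as access-log entries are skipped."""
    hits: List[Tuple[str, int]] = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        path = target.split("?", 1)[0]
        if path == VULNERABLE_ENDPOINT and len(target) > max_target_len:
            hits.append((m.group("src"), len(target)))
    return hits


# Constructed sample log: one benign call, one over-long call to the vulnerable
# endpoint, one over-long call to a different path (must not be flagged).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /cgi-bin/api.values.get?q=model HTTP/1.1" 200 128',
    '203.0.113.9 - - [01/Jan/2026:10:00:01 +0000] "GET /cgi-bin/api.values.get?q=' + "A" * 600 + ' HTTP/1.1" 500 0',
    '10.0.0.7 - - [01/Jan/2026:10:00:02 +0000] "GET /cgi-bin/other.cgi?q=' + "B" * 600 + ' HTTP/1.1" 404 0',
    'not an access log line at all',
]

if __name__ == "__main__":
    for model, fw in (("GXP1625", "1.0.7.80"), ("GXP1625", "1.0.7.81"), ("GXP2170", "1.0.0.1")):
        print(f"{model} {fw}: exposed={is_exposed(model, fw)}")
    for src, n in suspicious_requests(SAMPLE_LOG):
        print(f"over-long request to {VULNERABLE_ENDPOINT} from {src} ({n} bytes)")
```

Feed `suspicious_requests` your reverse-proxy or IDS HTTP logs for the phones' management interface; the version check is only meaningful if the management interface is reachable from the network you are worried about, which for a VoIP phone is itself worth fixing.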
Affected products
- Grandstream GXP1610
- Grandstream GXP1615
- Grandstream GXP1620
- Grandstream GXP1625
- Grandstream GXP1628
- Grandstream GXP1630

Public PoCs found: 1
- https://github.com/rapid7/metasploit-framework/pull/20983 (unverified). Public resource for assessing the exposure of systems you control or are authorized to test; test only with authorization.
References
- https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf
- https://github.com/rapid7/metasploit-framework/pull/20983
- https://psirt.grandstream.com/
- https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed