Vulnerability Description
A malformed input string sent to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP phones running firmware 1.0.4.128 allows attackers to dump the device's configuration in cleartext.
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grandstream | Gxp1610 Firmware | 1.0.4.128 |
| Grandstream | Gxp1610 | - |
| Grandstream | Gxp1615 Firmware | 1.0.4.128 |
| Grandstream | Gxp1615 | - |
| Grandstream | Gxp1620 Firmware | 1.0.4.128 |
| Grandstream | Gxp1620 | - |
| Grandstream | Gxp1625 Firmware | 1.0.4.128 |
| Grandstream | Gxp1625 | - |
| Grandstream | Gxp1628 Firmware | 1.0.4.128 |
| Grandstream | Gxp1628 | - |
| Grandstream | Gxp1630 Firmware | 1.0.4.128 |
| Grandstream | Gxp1630 | - |
References
- http://grandstream.com/support/firmware (Vendor Advisory)
- https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-ph
FAQ
What is CVE-2018-17563?
CVE-2018-17563 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A malformed input string sent to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP phones running firmware 1.0.4.128 allows attackers to dump the device's configuration in cleartext.
How severe is CVE-2018-17563?
CVE-2018-17563 is rated MEDIUM, with a CVSS base score of 5.3 out of 10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-17563?
Check the References section above for vendor advisories and patch information. Affected products include Grandstream Gxp1610 Firmware, Grandstream Gxp1610, Grandstream Gxp1615 Firmware, Grandstream Gxp1615, and Grandstream Gxp1620 Firmware.