Vulnerability Description
A malformed input string to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grandstream | Gxp1610 Firmware | 1.0.4.128 |
| Grandstream | Gxp1610 | - |
| Grandstream | Gxp1615 Firmware | 1.0.4.128 |
| Grandstream | Gxp1615 | - |
| Grandstream | Gxp1620 Firmware | 1.0.4.128 |
| Grandstream | Gxp1620 | - |
| Grandstream | Gxp1625 Firmware | 1.0.4.128 |
| Grandstream | Gxp1625 | - |
| Grandstream | Gxp1628 Firmware | 1.0.4.128 |
| Grandstream | Gxp1628 | - |
| Grandstream | Gxp1630 Firmware | 1.0.4.128 |
| Grandstream | Gxp1630 | - |
References
- http://grandstream.com/support/firmware (Vendor Advisory)
- https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-ph
FAQ
What is CVE-2018-17564?
CVE-2018-17564 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A malformed input string to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.
How severe is CVE-2018-17564?
CVE-2018-17564 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-17564?
Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Gxp1610 Firmware, Grandstream Gxp1610, Grandstream Gxp1615 Firmware, Grandstream Gxp1615, Grandstream Gxp1620 Firmware.