Vulnerability Description
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grandstream | Gxp1610 Firmware | 1.0.4.128 |
| Grandstream | Gxp1610 | - |
| Grandstream | Gxp1615 Firmware | 1.0.4.128 |
| Grandstream | Gxp1615 | - |
| Grandstream | Gxp1620 Firmware | 1.0.4.128 |
| Grandstream | Gxp1620 | - |
| Grandstream | Gxp1625 Firmware | 1.0.4.128 |
| Grandstream | Gxp1625 | - |
| Grandstream | Gxp1628 Firmware | 1.0.4.128 |
| Grandstream | Gxp1628 | - |
| Grandstream | Gxp1630 Firmware | 1.0.4.128 |
| Grandstream | Gxp1630 | - |
Related Weaknesses (CWE)
References
- http://grandstream.com/support/firmwareVendor Advisory
- https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-ph
- http://grandstream.com/support/firmwareVendor Advisory
- https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-ph
FAQ
What is CVE-2018-17565?
CVE-2018-17565 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.
How severe is CVE-2018-17565?
CVE-2018-17565 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-17565?
Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Gxp1610 Firmware, Grandstream Gxp1610, Grandstream Gxp1615 Firmware, Grandstream Gxp1615, Grandstream Gxp1620 Firmware.