Grandstream Gxp1620 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Grandstream Gxp1620 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2018-17564 — CVSS 9.8 (critical): A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration…
CVE-2018-17565 — CVSS 9.8 (critical): Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute…
CVE-2026-2329 — CVSS 9.8 (critical): An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can…
CVE-2020-5738 — CVSS 8.8 (high): Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a…
CVE-2020-5739 — CVSS 8.8 (high): Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an…
CVE-2018-17563 — CVSS 5.3 (medium): A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's…