Input Validation Issue in Grandstream VoIP Phones
CVE-2018-17563

5.3MEDIUM

Key Information:

Vendor: Grandstream
Status: Gxp1610 Firmware
Vendor: CVE Published:; 1 April 2019

🔔 Create Grandstream Vulnerability Alert

What is CVE-2018-17563?

A vulnerability exists in Grandstream GXP16xx VoIP phones that allows attackers to exploit malformed input strings sent to the /cgi-bin/api-get_line_status endpoint. This flaw enables unauthorized access to the device's configuration settings, which can be retrieved in cleartext, posing significant security risks.

References

http://grandstream.com/support/firmware

x_refsource_MISC

https://iridiumxor.wordpress.com/2019/01/03/three-simple-...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2019
Vulnerability Reserved
Sep 26, 2018