Unauthenticated Stack-Based Buffer Overflow in Grandstream GXP1600 Series VoIP Phones

CVE-2026-2329

What is CVE-2026-2329?

CVE-2026-2329 is a critical vulnerability affecting the Grandstream GXP1600 Series VoIP phones. This series, commonly used in various organizations for voice over IP communications, includes models such as GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630. The vulnerability manifests as an unauthenticated stack-based buffer overflow in the HTTP API endpoint located at /cgi-bin/api.values.get. An attacker could exploit this flaw to execute arbitrary code remotely with root privileges on the affected devices without the need for authentication, significantly undermining the security of voice communications and network integrity. The potential for unrestricted administrative access could lead to severe disruptions in service, unauthorized data access, and broader network vulnerabilities.

Potential impact of CVE-2026-2329

1. Remote Code Execution (RCE): The vulnerability enables attackers to execute arbitrary code on affected devices without prior authentication, facilitating unauthorized control over VoIP communications and potentially the broader network infrastructure.

2. Data Breach Risks: With root access to the devices, attackers could intercept conversations, extract sensitive data, or deploy malware, leading to significant data breaches that can affect organizational confidentiality and integrity.

3. Service Disruption: Compromised VoIP phones could lead to service outages, disrupting communication within the organization and with external partners or customers, causing operational inefficiencies and potential financial losses.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References