QwikSec

Security Database

CVE

CWE

Training

CVE-2016-1518

Published: Apr 21, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1518-insecure-provisioning.pdf

x_refsource_MISC

20160317 CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/136280/Grandstream-Wave-1.0.1.26-Man-In-The-Middle.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.