QwikSec

Security Database

CVE

CWE

Training

CVE-2016-1519

Published: Apr 21, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1519-gswave-tls-mitm.pdf

x_refsource_MISC

http://packetstormsecurity.com/files/136290/Grandstream-Wave-1.0.1.26-TLS-Man-In-The-Middle.html

x_refsource_MISC

20160317 CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.