CVE-2026-2329
Published: Feb 18, 2026
Modified: Feb 18, 2026
Description
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.
| Vendor | Product | Versions |
|---|---|---|
Grandstream | GXP1610 | affected 0 - <= 1.0.7.80 |
Grandstream | GXP1615 | affected 0 - <= 1.0.7.80 |
Grandstream | GXP1620 | affected 0 - <= 1.0.7.80 |
Grandstream | GXP1625 | affected 0 - <= 1.0.7.80 |
Grandstream | GXP1628 | affected 0 - <= 1.0.7.80 |
Grandstream | GXP1630 | affected 0 - <= 1.0.7.80 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now