Grandstream GXP1620 VOIP

Platform Information http://www.grandstream.com/products/ip-voice-telephony/basic-ip-phones/product/gxp1620/gxp1625
Search Engine Search on Google
End of Sales -
End of Support -
Wired Connection Yes
Wireless Connection -
Fingerprinting Source DHCP MAC OUI NIC VENDOR
Added at Aug 06, 2019
Manufacturer Name Grandstream Networks, Inc.
Homepage http://www.grandstream.com/
Headquarters United States of America
Business Status Ongoing

Platform’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
No records found.
Manufacturer’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2018-17565
04/01/2019
CRITICAL
HIGH
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.
CVE-2018-17564
04/01/2019
CRITICAL
HIGH
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.
CVE-2018-17563
04/01/2019
MEDIUM
MEDIUM
A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext.
CVE-2019-10663
03/30/2019
HIGH
MEDIUM
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.
CVE-2019-10662
03/30/2019
HIGH
HIGH
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.