CVE-2018-17564
First published: Mon Apr 01 2019(Updated: )
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Grandstream Gxp1610 Firmware | =1.0.4.128 | |
| Grandstream Gxp1610 | ||
| Grandstream Gxp1615 Firmware | =1.0.4.128 | |
| Grandstream Gxp1615 | ||
| Grandstream Gxp1620 Firmware | =1.0.4.128 | |
| Grandstream Gxp1620 | ||
| Grandstream Gxp1625 Firmware | =1.0.4.128 | |
| Grandstream Gxp1625 | ||
| Grandstream Gxp1628 Firmware | =1.0.4.128 | |
| Grandstream Gxp1628 | ||
| Grandstream Gxp1630 Firmware | =1.0.4.128 | |
| Grandstream Gxp1630 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-17564?
CVE-2018-17564 is a vulnerability that allows attackers to delete configuration parameters and gain admin access to Grandstream GXP16xx VoIP 1.0.4.128 phones.
How severe is CVE-2018-17564?
CVE-2018-17564 has a severity rating of 9.8, which is considered critical.
Which software versions are affected by CVE-2018-17564?
Grandstream GXP1610 Firmware 1.0.4.128, Grandstream GXP1615 Firmware 1.0.4.128, Grandstream GXP1620 Firmware 1.0.4.128, Grandstream GXP1625 Firmware 1.0.4.128, and Grandstream GXP1628 Firmware 1.0.4.128 are affected by CVE-2018-17564.
How can an attacker exploit CVE-2018-17564?
An attacker can exploit CVE-2018-17564 by sending a malformed input string to /cgi-bin/delete_CA, which allows them to delete configuration parameters and gain admin access.
Where can I find more information about CVE-2018-17564?
You can find more information about CVE-2018-17564 at the following references: [Grandstream Firmware Support](http://grandstream.com/support/firmware) and [IridiumXOR Blog](https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/)
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/grandstream
- canonical/grandstream gxp1610 firmware
- version/grandstream gxp1610 firmware/1.0.4.128
- canonical/grandstream gxp1610
- canonical/grandstream gxp1615 firmware
- version/grandstream gxp1615 firmware/1.0.4.128
- canonical/grandstream gxp1615
- canonical/grandstream gxp1620 firmware
- version/grandstream gxp1620 firmware/1.0.4.128
- canonical/grandstream gxp1620
- canonical/grandstream gxp1625 firmware
- version/grandstream gxp1625 firmware/1.0.4.128
- canonical/grandstream gxp1625
- canonical/grandstream gxp1628 firmware
- version/grandstream gxp1628 firmware/1.0.4.128
- canonical/grandstream gxp1628
- canonical/grandstream gxp1630 firmware
- version/grandstream gxp1630 firmware/1.0.4.128
- canonical/grandstream gxp1630