A critical stack-buffer overflow in Grandstream GXP1600 series VoIP phones allows a remote unauthenticated attacker to gain root privileges and silently eavesdrop on calls. Rapid7 published technical details and a Metasploit module demonstrating exploitation of CVE-2026-2329, and Grandstream released firmware 1.0.7.81 to fix the issue; administrators should update immediately. #CVE-2026-2329 #Grandstream
Key points
- Critical stack-buffer overflow in the device web API enables unauthenticated remote code execution as root.
- The flaw impacts GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630 running firmware prior to 1.0.7.81.
- Rapid7 developed a Metasploit module showing exploitation can extract credentials and reconfigure devices to eavesdrop via a malicious SIP proxy.
- Exploitation abuses colon-delimited identifiers to repeatedly trigger the overflow and write multiple null bytes for a ROP chain.
- Grandstream released firmware 1.0.7.81 on February 3 to address the issue; apply updates immediately.
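To find which phones still need the update, the affected models and fixed release listed above can be checked against a device inventory. The following is an added example, not code from Rapid7 or Grandstream; the CSV column names, hosts and firmware values in the sample inventory are constructed assumptions.

```python
import csv
import io

# From the page: affected models and the firmware release that fixes CVE-2026-2329.
AFFECTED_MODELS = {"GXP1610", "GXP1615", "GXP1620", "GXP1625", "GXP1628", "GXP1630"}
FIXED_VERSION = (1, 0, 7, 81)

# Constructed sample inventory; column names and every value are assumptions.
SAMPLE_INVENTORY = """host,model,firmware
192.0.2.11,GXP1625,1.0.7.64
192.0.2.12,gxp1630,1.0.7.81
192.0.2.13,GXP1610,1.0.7.9
192.0.2.14,EXAMPLE-9000,2.3.1.0
192.0.2.15,GXP1628,unknown
"""

def parse_version(text):
    """Return a dotted-numeric version as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(model, firmware):
    """Classify one device against the models and fixed version listed above."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "model-not-listed"
    version = parse_version(firmware)
    if version is None:
        return "unknown-version"  # cannot be ruled out; needs manual review
    # Pad short versions so 1.0.7 compares as 1.0.7.0. Comparison is numeric,
    # so 1.0.7.9 sorts before 1.0.7.81 (a string comparison would not).
    padded = version + (0,) * (len(FIXED_VERSION) - len(version))
    return "vulnerable" if padded < FIXED_VERSION else "patched"

def triage(inventory_csv):
    """Map host -> classification for every row of the inventory."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["model"], row["firmware"]) for row in reader}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Devices reported as `unknown-version` should be treated as unpatched until their firmware is confirmed.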