Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Researchers disclosed a critical unauthenticated stack-based buffer overflow in Grandstream GXP1600-series VoIP phones that can enable remote code execution with root privileges. Tracked as CVE-2026-2329 with a CVSS score of 9.3, the flaw resides in the web API (/cgi-bin/api.values.get), affects multiple GXP16xx models, and was patched in firmware 1.0.7.81.

Keypoints

  • Unauthenticated stack-based buffer overflow in /cgi-bin/api.values.get can lead to remote code execution as root.
  • The vulnerability is tracked as CVE-2026-2329 and carries a CVSS score of 9.3.
  • Impacted models include GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.
  • Rapid7 released a Metasploit module showing root compromise, credential extraction, and reconfiguration to a malicious SIP proxy for call interception.
  • Grandstream issued firmware 1.0.7.81 to remediate the issue; exposed or lightly segmented deployments are at greater risk.
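A quick inventory check a defender can run against the facts above, as an added example (not Grandstream's or Rapid7's code): it flags phones from the affected model list that still run firmware older than 1.0.7.81. It assumes firmware versions compare as dotted integers, and the inventory rows are constructed.

```python
# Added example: flag GXP16xx phones in a device inventory that still run
# firmware older than the fixed release 1.0.7.81 (CVE-2026-2329).
# Assumes dotted-integer version ordering; inventory data is constructed.

AFFECTED_MODELS = {"GXP1610", "GXP1615", "GXP1620", "GXP1625", "GXP1628", "GXP1630"}
FIXED_FIRMWARE = "1.0.7.81"


def parse_version(version: str) -> tuple:
    """Turn '1.0.7.81' into (1, 0, 7, 81); missing trailing parts count as 0."""
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(model: str, firmware: str) -> bool:
    """True when the model is in the advisory's list and runs pre-fix firmware."""
    if model.upper() not in AFFECTED_MODELS:
        return False
    return parse_version(firmware) < parse_version(FIXED_FIRMWARE)


def vulnerable_devices(inventory: list) -> list:
    """Return (model, firmware) pairs from the inventory that still need patching."""
    return [
        (d["model"], d["firmware"])
        for d in inventory
        if is_vulnerable(d["model"], d["firmware"])
    ]


# Constructed sample inventory (placeholder addresses), e.g. an asset-system export.
SAMPLE_INVENTORY = [
    {"ip": "10.0.5.21", "model": "GXP1625", "firmware": "1.0.7.80"},   # vulnerable
    {"ip": "10.0.5.22", "model": "GXP1630", "firmware": "1.0.7.81"},   # patched
    {"ip": "10.0.5.23", "model": "GXP1628", "firmware": "1.0.5.138"},  # vulnerable
    {"ip": "10.0.5.24", "model": "GXP2170", "firmware": "1.0.7.80"},   # not listed
]

if __name__ == "__main__":
    for model, fw in vulnerable_devices(SAMPLE_INVENTORY):
        print(f"{model} on {fw}: update to {FIXED_FIRMWARE}")
```

Phones that report a pre-fix version should also be checked for exposure of the web interface beyond the voice VLAN, since the endpoint needs no authentication.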

Read More: https://thehackernews.com/2026/02/grandstream-gxp1600-voip-phones-exposed.html