CVE-2018-17563

EUVD-2018-9316
A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
grandstreamgxp1610_firmware
1.0.4.128
grandstreamgxp1615_firmware
1.0.4.128
grandstreamgxp1620_firmware
1.0.4.128
grandstreamgxp1625_firmware
1.0.4.128
grandstreamgxp1628_firmware
1.0.4.128
grandstreamgxp1630_firmware
1.0.4.128
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://grandstream.com/support/firmware
https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/
http://grandstream.com/support/firmware
https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/