CVE-2018-17564

A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
grandstreamgxp1610_firmware
1.0.4.128
grandstreamgxp1615_firmware
1.0.4.128
grandstreamgxp1620_firmware
1.0.4.128
grandstreamgxp1625_firmware
1.0.4.128
grandstreamgxp1628_firmware
1.0.4.128
grandstreamgxp1630_firmware
1.0.4.128
𝑥
= Vulnerable software versions
References
http://grandstream.com/support/firmware
https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/
http://grandstream.com/support/firmware
https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/