CVE-2025-28170

Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
mitreCNA
---
---
CISA-ADPADP
7.6 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
grandstreamgxp1628_firmware
𝑥
≤ 1.0.4.130
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://grandstream.com
https://gist.github.com/Exek1el/928ea6fd06d3b48c1c91cfdc30317d8d