CVE-2026-2329 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Affected Products (NVD)

Vendor	Product	Version
grandstream	gxp1610_firmware	𝑥 < 1.0.7.81
grandstream	gxp1615_firmware	𝑥 < 1.0.7.81
grandstream	gxp1620_firmware	𝑥 < 1.0.7.81
grandstream	gxp1625_firmware	𝑥 < 1.0.7.81
grandstream	gxp1628_firmware	𝑥 < 1.0.7.81
grandstream	gxp1630_firmware	𝑥 < 1.0.7.81

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Vulnerability Media Exposure

[ENGLISH] Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer overflow that could result in remote code
Published: 2026-02-18T22:05:00+05:30
[ENGLISH] Flaw in Grandstream VoIP phones allows stealthy eavesdropping
A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. [...]
Published: 2026-02-19T12:16:32-05:00

References

https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf

https://github.com/rapid7/metasploit-framework/pull/20983

https://psirt.grandstream.com/

https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed