Unauthenticated Remote Code Execution in Grandstream GXP1600 VoIP Phones
Summary
A critical vulnerability (CVE-2026-2329) in Grandstream GXP1600 series VoIP phones allows unauthenticated remote code execution (RCE) with root privileges. The flaw, a stack-based buffer overflow, stems from the device's web-based API service. The vulnerability affects multiple GXP1600 models and has been addressed in firmware version 1.0.7.81. Exploiting this flaw could enable attackers to extract stored credentials, intercept phone calls, and eavesdrop on VoIP conversations. The issue was discovered by Rapid7 researcher Stephen Fewer and demonstrated via a Metasploit exploit module.
Timeline
- 18.02.2026 18:35 (1 article)
Unauthenticated RCE in Grandstream GXP1600 VoIP Phones Disclosed
A critical vulnerability (CVE-2026-2329) in Grandstream GXP1600 series VoIP phones allows unauthenticated remote code execution. The flaw, a stack-based buffer overflow, affects multiple models and has been addressed in firmware version 1.0.7.81. Exploiting this vulnerability can enable attackers to extract credentials and intercept VoIP calls.
Sources:
- Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution — thehackernews.com — 18.02.2026 18:35
Information Snippets
- The vulnerability is tracked as CVE-2026-2329 with a CVSS score of 9.3.
- The flaw is a stack-based buffer overflow in the web-based API service (/cgi-bin/api.values.get).
- The vulnerability allows unauthenticated remote code execution with root privileges.
- Affected models include GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.
- The issue has been addressed in firmware version 1.0.7.81.
- Exploiting the flaw can lead to credential extraction and VoIP call interception.

All snippets first reported: 18.02.2026 18:35 (1 source, 1 article)
- Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution — thehackernews.com — 18.02.2026 18:35