Latest Grandstream VoIP phone vulnerability: CVE-2026-2329
Security researchers at Rapid7 reported a stack-based buffer overflow vulnerability in the HTTP API endpoint /cgi-bin/api.values.get. Successful exploitation could allow a remote, unauthenticated adversary to achieve remote code execution (RCE) with root privileges on the phone. The vulnerability has been designated CVE-2026-2329 and has been rated critical with a CVSS score of 9.3.
The following models and versions are affected:
- GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630 firmware versions prior to 1.0.7.81
What are Grandstream GXP1600 Series VoIP Phones?
The Grandstream GXP1600 series is a collection of entry-level, Linux-based Voice over Internet Protocol (VoIP) phones used for making and receiving voice calls over a network via the Session Initiation Protocol (SIP).
What is the impact?
Successful exploitation of the vulnerability would allow an adversary to execute arbitrary code on the vulnerable host, potentially leading to complete system compromise.
Are updates or workarounds available?
Users are encouraged to update to the latest version as quickly as possible:
- GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630 upgrade to firmware version 1.0.7.81 or later
How to find potentially vulnerable systems with runZero
From the Asset Inventory, use the following query to locate potentially impacted assets:
hw:="Grandstream GXP16__" AND (os_version:>0 AND os_version:<"1.0.7.81")
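The same triage logic can be applied to an exported inventory outside runZero. The script below is an added example, not runZero's or Grandstream's code: it mirrors the intent of the query above by flagging Grandstream GXP16xx phones whose firmware version is known and lower than the fixed release 1.0.7.81, and it sets aside phones with no reported version (the role of the os_version:>0 clause) rather than silently treating them as safe. The inventory records, their address field, and the field names hw and os_version are constructed sample data, and the version comparison is numeric per segment, which is an assumption about how a practitioner would want to compare dotted firmware strings (it keeps 1.0.7.9 below 1.0.7.81 where a plain string comparison would not).

```python
"""Triage a constructed asset inventory for CVE-2026-2329 exposure.

Added example (not runZero's or Grandstream's code). Flags Grandstream GXP16xx
phones running firmware older than 1.0.7.81; records with no usable version
are reported as 'unknown' so they get a follow-up rather than a pass.
"""
import re
from typing import Optional

FIXED_VERSION = "1.0.7.81"  # fixed release named in the advisory
# Matches GXP1610/1615/1620/1625/1628/1630, same scope as the GXP16__ wildcard.
AFFECTED_MODEL = re.compile(r"^Grandstream GXP16\d\d$")

# Constructed sample inventory: hypothetical hosts and firmware versions.
SAMPLE_INVENTORY = [
    {"address": "10.0.0.11", "hw": "Grandstream GXP1625", "os_version": "1.0.7.61"},
    {"address": "10.0.0.12", "hw": "Grandstream GXP1630", "os_version": "1.0.7.81"},
    {"address": "10.0.0.13", "hw": "Grandstream GXP1610", "os_version": "1.0.7.9"},
    {"address": "10.0.0.14", "hw": "Grandstream GXP1628", "os_version": ""},
    {"address": "10.0.0.15", "hw": "Grandstream GXP2170", "os_version": "1.0.7.0"},
    {"address": "10.0.0.16", "hw": "Grandstream GXP1620", "os_version": "1.0.8.2"},
]


def parse_version(text: str) -> Optional[tuple]:
    """Turn '1.0.7.81' into (1, 0, 7, 81); return None if empty or unparseable."""
    text = text.strip()
    if not text or not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_older(version: str, reference: str) -> bool:
    """Numeric, segment-wise comparison so that 1.0.7.9 sorts below 1.0.7.81."""
    v = parse_version(version)
    r = parse_version(reference)
    if v is None or r is None:
        return False
    width = max(len(v), len(r))
    # Pad the shorter tuple with zeros so 1.0.7 compares as 1.0.7.0.
    return v + (0,) * (width - len(v)) < r + (0,) * (width - len(r))


def classify(asset: dict) -> str:
    """Return 'not_affected', 'unknown', 'vulnerable' or 'patched' for one record."""
    if not AFFECTED_MODEL.match(asset.get("hw", "")):
        return "not_affected"
    if parse_version(asset.get("os_version", "")) is None:
        return "unknown"  # no version reported: needs a manual check
    if is_older(asset["os_version"], FIXED_VERSION):
        return "vulnerable"
    return "patched"


def triage(inventory: list) -> dict:
    """Group asset addresses by classification, preserving inventory order."""
    groups = {"vulnerable": [], "patched": [], "unknown": [], "not_affected": []}
    for asset in inventory:
        groups[classify(asset)].append(asset["address"])
    return groups


if __name__ == "__main__":
    for label, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{label:13s} {', '.join(hosts) or '-'}")
```

Run as-is to see the grouping for the sample records; to use it on a real export, replace SAMPLE_INVENTORY with the parsed rows from your inventory tool, keeping the hw and os_version field names or mapping yours onto them. The "unknown" bucket is worth reviewing by hand, since a phone that does not expose its firmware version to the scanner is not thereby patched.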