CVE-2018-17565

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0130%

EPSS Percentile4.51th

PublishedApr 1, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.

Affected Platforms (CPE)

💻

Grandstream

Gxp1610 Firmware

= 1.0.4.128

💻

Grandstream

Gxp1615 Firmware

= 1.0.4.128

💻

Grandstream

Gxp1620 Firmware

= 1.0.4.128

💻

Grandstream

Gxp1625 Firmware

= 1.0.4.128

💻

Grandstream

Gxp1628 Firmware

= 1.0.4.128

💻

Grandstream

Gxp1630 Firmware

= 1.0.4.128

References & Advisories

🔗 http://grandstream.com/support/firmware

🔗 https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/

🔗 http://grandstream.com/support/firmware

🔗 https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/

Vulnerability Description

Affected Platforms (CPE)

Gxp1610 Firmware

Gxp1615 Firmware

Gxp1620 Firmware

Gxp1625 Firmware

Gxp1628 Firmware

Gxp1630 Firmware

References & Advisories

Related Vulnerabilities