CyberSec.Space Logo
Back to CVE Browser

CVE-2018-17565

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0130%
EPSS Percentile4.51th
PublishedApr 1, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.

Affected Platforms (CPE)

πŸ’»
Grandstream

Gxp1610 Firmware

= 1.0.4.128
πŸ’»
Grandstream

Gxp1615 Firmware

= 1.0.4.128
πŸ’»
Grandstream

Gxp1620 Firmware

= 1.0.4.128
πŸ’»
Grandstream

Gxp1625 Firmware

= 1.0.4.128
πŸ’»
Grandstream

Gxp1628 Firmware

= 1.0.4.128
πŸ’»
Grandstream

Gxp1630 Firmware

= 1.0.4.128

References & Advisories

πŸ”— http://grandstream.com/support/firmware
πŸ”— https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/
πŸ”— http://grandstream.com/support/firmware
πŸ”— https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/

Related Vulnerabilities

CVE-2018-409110.0

An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. I...

CVE-2018-1472110.0

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by ...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...

CVE-2018-422910.0

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatc...