CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-17565

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0130%
EPSS Percentile4.51th
Published2019年4月1日
Last Modified2024年11月21日

Vulnerability Description

Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.

Affected Platforms (CPE)

💻
Grandstream

Gxp1610 Firmware

= 1.0.4.128
💻
Grandstream

Gxp1615 Firmware

= 1.0.4.128
💻
Grandstream

Gxp1620 Firmware

= 1.0.4.128
💻
Grandstream

Gxp1625 Firmware

= 1.0.4.128
💻
Grandstream

Gxp1628 Firmware

= 1.0.4.128
💻
Grandstream

Gxp1630 Firmware

= 1.0.4.128

References & Advisories

🔗 http://grandstream.com/support/firmware
🔗 https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/
🔗 http://grandstream.com/support/firmware
🔗 https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/

相关漏洞威胁

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...

CVE-2018-022210.0

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...

CVE-2018-026810.0

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenti...