{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T15:19:08.229","vulnerabilities":[{"cve":{"id":"CVE-2026-2329","sourceIdentifier":"cve@rapid7.com","published":"2026-02-18T15:18:44.173","lastModified":"2026-02-20T20:57:50.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow that can be triggered without authentication exists in the HTTP API endpoint /cgi-bin/api.values.get of Grandstream GXP1600 series VoIP phones. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630, on firmware versions before 1.0.7.81."},{"lang":"es","value":"Existe una vulnerabilidad de desbordamiento de búfer basado en pila no autenticada en el endpoint de la API HTTP /cgi-bin/api.values.get. Un atacante remoto puede aprovechar esta vulnerabilidad para lograr ejecución remota de código (RCE) no autenticada con privilegios de root en un dispositivo objetivo. 
La vulnerabilidad afecta a los seis modelos de dispositivo de la serie: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628 y GXP1630."}],"metrics":{"cvssMetricV40":[{"source":"cve@rapid7.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIG
H"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cve@rapid7.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:grandstream:gxp1610_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.7.81","matchCriteriaId":"99246F81-B826-4D2F-9A82-629E64BF95EE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:*","matchCriteriaId":"D92122D2-AD92-4EC3-81C3-CC58C3E3C287"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:grandstream:gxp1615_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.7.81","matchCriteriaId":"A3D913E1-E682-454A-B6A9-9D8815E692B5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:*","matchCriteriaId":"713E836B-E61E-4E74-9026-F6470C9555F1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:grandstream:gxp1620_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.7.81","matchCriteriaId":"03F5647A-F0A2-44D4-AE37-36D1B26A4DD0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:*","matchCriteriaId":"898FC5BB-6D88-4ED3-95FE-ACFA8D99AAD7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:grandstream:gxp1625_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.7.81","matchCriteriaId":"CABEDD99-B978-4818-9F7D-D53089E02BE0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:*","matchCriteriaId":"280FCCEF-196B-4BD4-B5C2-7DECC224A84C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vuln
erable":true,"criteria":"cpe:2.3:o:grandstream:gxp1628_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.7.81","matchCriteriaId":"627DD526-9A9A-43BE-B060-3090FF33E741"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:*","matchCriteriaId":"8CDF28C0-982E-4DB8-8F3A-75103F2AF9A4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:grandstream:gxp1630_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.7.81","matchCriteriaId":"0F3398B8-0265-46D4-86C1-761B068424D9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:*","matchCriteriaId":"63FC9463-51FD-493D-B2FD-4E61EC6B98CA"}]}]}],"references":[{"url":"https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf","source":"cve@rapid7.com","tags":["Product","Release Notes"]},{"url":"https://github.com/rapid7/metasploit-framework/pull/20983","source":"cve@rapid7.com","tags":["VDB Entry","Patch"]},{"url":"https://psirt.grandstream.com/","source":"cve@rapid7.com","tags":["Vendor Advisory"]},{"url":"https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed","source":"cve@rapid7.com","tags":["Third Party Advisory","VDB Entry"]}]}}]}