Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Grandstream GXP1600 代码注入漏洞
Vulnerability Description
Grandstream GXP1600是美国潮流网络(Grandstream)公司的一款IP电话产品。 Grandstream GXP1600系列使用1.0.4.152及之前版本固件存在代码注入漏洞。攻击者可借助‘Additional Settings’字段利用该漏洞向配置文件中添加任意的OpenVPN配置设置,以root权限执行代码。
CVSS Information
N/A
Vulnerability Type
N/A