Iridiumxor

**Name of the Vulnerable Software and Affected Versions** Grandstream GXP16xx VoIP version 1.0.4.128 **Description** The issue allows attackers to dump the device's configuration in cleartext by sending a malformed input string to the "cgi-bin/api-get line status" API endpoint. **Recommendations** For Grandstream GXP16xx VoIP version 1.0.4.128, as a temporary workaround, consider restricting access to the "cgi-bin/api-get line status" API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Grandstream GXP16xx VoIP version 1.0.4.128 **Description** The issue arises from a malformed input string sent to the "/cgi-bin/delete CA" API endpoint, allowing attackers to delete configuration parameters and gain admin access to the device. **Recommendations** For Grandstream GXP16xx VoIP version 1.0.4.128, as a temporary workaround, consider restricting access to the "/cgi-bin/delete CA" API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Grandstream GXP16xx VoIP version 1.0.4.128 **Description** The issue allows attackers to execute arbitrary system commands and gain a root shell due to Shell Metacharacter Injection in the SSH configuration interface. **Recommendations** For Grandstream GXP16xx VoIP version 1.0.4.128, update the software to a version that fixes this issue, as using the current version poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.