PT-2017-7963 · Grandstream · Grandstream Wave

Published

2017-04-21

Updated

2018-10-09

CVE-2016-1520

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Grandstream Wave app versions 1.0.1.26 and earlier

Description The issue concerns the Grandstream Wave app not using HTTPS when retrieving update information. This might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.

Recommendations For Grandstream Wave app versions 1.0.1.26 and earlier, consider updating to a newer version that uses HTTPS for retrieving update information to prevent man-in-the-middle attacks.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

CVE-2016-1520

Affected Products

Grandstream Wave

PT-2017-7963 · Grandstream · Grandstream Wave

CVE-2016-1520

Weakness Enumeration

Related Identifiers

Affected Products

References · 5