PT-2025-31221 · Grandstream Networks · Gxp1628

Exek1El

Published

2025-07-29

Updated

2025-08-03

CVE-2025-28170

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions Grandstream Networks GXP1628 versions 1.0.4.130 and earlier

Description The Grandstream Networks GXP1628 device is susceptible to incorrect access control due to directory listing being enabled. This allows unauthorized access to sensitive directories and files.

Recommendations Disable directory listing on Grandstream Networks GXP1628 versions 1.0.4.130 and earlier.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-548

Related Identifiers

CVE-2025-28170

Affected Products

Gxp1628

PT-2025-31221 · Grandstream Networks · Gxp1628

CVE-2025-28170

Weakness Enumeration

Related Identifiers

Affected Products

References · 8