PT-2026-20432 · Grandstream · Gxp1610+5

Sfewer-R7 · Published 2026-02-18 · Updated 2026-03-05 · CVE-2026-2329

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Grandstream GXP1600 series VoIP phones
Grandstream GXP1610 through GXP1630
Grandstream GXP1600 versions prior to 1.0.7.81

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get of Grandstream GXP1600 series VoIP phones. This vulnerability allows a remote attacker to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. Successful exploitation can lead to the theft of SIP and local credentials, device reconfiguration to malicious SIP proxies, transparent call interception, and real-time eavesdropping. The vulnerability allows attackers to silently intercept calls without any visible indicators. The affected devices can be used as stealthy internal network footholds. The vulnerability is tracked as CVE-2026-2329 and has a CVSS score of 9.3.

Recommendations

Grandstream GXP1610 versions prior to 1.0.7.81: Update to firmware version 1.0.7.81 or later.
Grandstream GXP1615 versions prior to 1.0.7.81: Update to firmware version 1.0.7.81 or later.
Grandstream GXP1620 versions prior to 1.0.7.81: Update to firmware version 1.0.7.81 or later.
Grandstream GXP1625 versions prior to 1.0.7.81: Update to firmware version 1.0.7.81 or later.
Grandstream GXP1628 versions prior to 1.0.7.81: Update to firmware version 1.0.7.81 or later.
Grandstream GXP1630 versions prior to 1.0.7.81: Update to firmware version 1.0.7.81 or later.
Restrict access to the /cgi-bin/api.values.get API endpoint.
Segment VoIP gear using VLANs or Access Control Lists (ACLs).
Disable unnecessary services on the devices.
Monitor SIP traffic for anomalies.
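
To act on the firmware recommendation across a fleet, the following added example (not part of the original advisory or any vendor tooling) triages a phone inventory against the fixed version 1.0.7.81, comparing version components numerically. The CSV layout, column names, host addresses and the OTHER-MODEL entry are constructed assumptions.

```python
"""Added example: triage a phone inventory against the fixed firmware version."""
import csv
import io

FIXED = (1, 0, 7, 81)  # fixed firmware version named in the advisory
AFFECTED = {"GXP1610", "GXP1615", "GXP1620", "GXP1625", "GXP1628", "GXP1630"}

# Constructed sample inventory; the column names are an assumption.
SAMPLE_CSV = """host,model,firmware
10.20.0.11,GXP1610,1.0.7.9
10.20.0.12,gxp1625,1.0.7.81
10.20.0.13,GXP1630,1.0.7.80
10.20.0.14,GXP1628,1.0.8.2
10.20.0.15,GXP1615,unknown
10.20.0.16,OTHER-MODEL,1.0.5.3
"""


def parse_version(text):
    """Return the version as a tuple of ints, or None if not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(model, firmware):
    """Return 'out-of-scope', 'patched', 'vulnerable' or 'unknown'."""
    if model.strip().upper() not in AFFECTED:
        return "out-of-scope"
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # needs manual review; never assume patched
    # Tuple comparison is numeric per component: (1, 0, 7, 9) < (1, 0, 7, 81),
    # whereas the string "1.0.7.9" sorts after "1.0.7.81".
    return "patched" if version >= FIXED else "vulnerable"


def triage(csv_text):
    """Map each host in the inventory to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_CSV).items():
        print(f"{host}\t{status}")
```

Hosts reported as vulnerable or unknown are the ones to prioritise for the update and for the access restrictions listed above.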

Exploit · Fix · RCE · Buffer Overflow · Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-01979
CVE-2026-2329

Affected Products

Gxp1610
Gxp1615
Gxp1620
Gxp1625
Gxp1628
Gxp1630