Critical Grandstream Phone Vulnerability Exposes Calls to Interception
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges. The post Critical Grandstream Phone Vulnerability Exposes Calls to Interception appeared first on SecurityWeek.
A critical vulnerability affecting Grandstream’s GXP1600 series phones could allow threat actors to intercept calls, Rapid7 reported this week.
The vulnerability, tracked as CVE-2026-2329, has been described as a stack-based buffer overflow that can be exploited by an unauthenticated attacker to remotely execute code with root privileges on the targeted device.
The GXP1600 is a line of basic VoIP desktop phones mainly used by small-to-medium businesses.
Source: https://www.securityweek.com/critical-grandstream-phone-vulnerability-exposes-calls-to-interception/
Related breach coverage
- Critical Vulnerability Exposes n8n Instances to Takeover Attacks2026-01-08
Tracked as CVE-2026-21858 (CVSS score 10), the bug enables remote code execution without authentication. The post Critical Vulnerability Exposes n8n Instances to Takeover Attacks appeared first on SecurityWeek.
- Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability2026-03-23
CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild. The post Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability appeared first on SecurityWeek.
- Critical HPE OneView Vulnerability Exploited in Attacks2026-01-08
The maximum-severity code injection flaw can be exploited without authentication for remote code execution. The post Critical HPE OneView Vulnerability Exploited in Attacks appeared first on SecurityWeek.
- Critical WatchGuard Firebox Vulnerability Exploited in Attacks2025-11-13
Tracked as CVE-2025-9242 (CVSS score of 9.3), the flaw leads to unauthenticated, remote code execution on vulnerable firewalls. The post Critical WatchGuard Firebox Vulnerability Exploited in Attacks appeared first on SecurityWeek.