A critical vulnerability affecting Grandstream’s GXP1600 series phones could allow threat actors to intercept calls, Rapid7 reported this week.
The vulnerability, tracked as CVE-2026-2329, has been described as a stack-based buffer overflow that can be exploited by an unauthenticated attacker to remotely execute code with root privileges on the targeted device.
The GXP1600 is a line of basic VoIP desktop phones primarily used by small-to-medium businesses.
An attacker could exploit the vulnerability to extract secrets from vulnerable phones, including local and SIP account credentials, enabling call interception and eavesdropping.
“With root access, the attacker can reconfigure the device’s SIP settings to point to infrastructure they control. A malicious SIP proxy. Calls still dial. The display still lights up. The user still hears a dial tone. But now, every call flows through someone else’s hands first,” explained Douglas McKee, director of vulnerability intelligence at Rapid7.
“There’s no dramatic ‘wiretap installed’ moment. No van parked outside with antennas on the roof. Just silent, transparent interception. Conversations about contracts, negotiations, legal strategy, possibly even sensitive personal matters — all are relayed in real time,” McKee added.
However, the expert noted that “exploitation requires knowledge and skill”.
“This isn’t a one-click exploit with fireworks and a victory banner. But the underlying vulnerability lowers the barrier in a way that should concern anyone operating these devices in exposed or lightly-segmented environments,” McKee said.
Threat actors have been known to target Grandstream product vulnerabilities, including to ensnare devices in botnets.
The vulnerability was responsibly disclosed to Grandstream in January and a patched firmware version (1.0.7.81) was made available in just over a week.
Rapid7 has released technical details for CVE-2026-2329. Grandstream has published its own advisory for the vulnerability.







