Gxp1628 firmware

This hub aggregates every CVE we track for Gxp1628 firmware, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 7 most recently published vulnerabilities affecting Gxp1628 firmware.

• CVE-2026-2329Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow9.8Feb 18, 2026
• CVE-2025-28170Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories an...7.6Jul 29, 2025
• CVE-2020-5739Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Addit...8.8Apr 14, 2020
• CVE-2020-5738Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpn...8.8Apr 14, 2020
• CVE-2018-17565Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.9.8Apr 1, 2019
• CVE-2018-17564A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.9.8Apr 1, 2019
• CVE-2018-17563A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext.5.3Apr 1, 2019