CVE-2026-2329
Published: 18 February 2026
Summary
CVE-2026-2329 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Grandstream Gxp1610 Firmware. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-2329 is an unauthenticated stack-based buffer overflow vulnerability (CWE-121) in the HTTP API endpoint /cgi-bin/api.values.get on Grandstream GXP16xx series VoIP phones. It affects all six models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630. The vulnerability was published on 2026-02-18 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A remote attacker requires no authentication or privileges to exploit this vulnerability over the network with low complexity. Successful exploitation enables unauthenticated remote code execution (RCE) with root privileges on the target device.
Grandstream's firmware release notes for version 1.0.7.81 address the vulnerability, as do advisories on their PSIRT page at psirt.grandstream.com. A Rapid7 blog post details the issue and its fix, while a Metasploit Framework pull request (#20983) proposes an exploit module.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8089
Vulnerability details
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device…
more
models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated stack-based buffer overflow in public-facing HTTP API endpoint enables remote code execution, directly facilitating T1190: Exploit Public-Facing Application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents stack-based buffer overflows by validating the length and format of inputs to the vulnerable /cgi-bin/api.values.get HTTP API endpoint.
Mitigates RCE from stack buffer overflows using memory safeguards like stack canaries, non-executable memory, and address space layout randomization.
Ensures timely firmware patching to remediate the specific buffer overflow vulnerability affecting Grandstream GXP16xx VoIP phones.