What the vulnerability does

01Description

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.

Key dates

02Disclosure timeline

April 14, 2020 CVE published
August 4, 2024 Record updated