A critical security vulnerability (CVE-2026-2329) in Grandstream VoIP phones could let hackers remotely take full control of the devices and even intercept calls, Rapid7 researchers discovered. “The vulnerability is present in the device’s web-based API service, and is accessible in a default configuration,” Rapid7 researcher Stephen Fewer noted. The risks related to CVE-2026-2329 exploitation CVE-2026-2329 stems from improper bounds checking in a web management endpoint. An attacker can send a specially crafted request to the … More →
The post Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329) appeared first on Help Net Security.
http://news.poseidon-us.com/TR315K
