Home News Critical Grandstream GXP1600 Vulnerability Allows Silent Call Interception and Remote Root Access
News

Critical Grandstream GXP1600 Vulnerability Allows Silent Call Interception and Remote Root Access

164

A critical vulnerability has been discovered in Grandstream’s GXP1600 series VoIP phones that could allow attackers to intercept calls and execute code remotely with root privileges. Tracked as CVE-2026-2329, the flaw is a stack-based buffer overflow that can be exploited without authentication, making it particularly dangerous for small and medium-sized businesses that commonly use these devices.

Security researchers at Rapid7 reported that an attacker exploiting this vulnerability could extract sensitive information, including local and SIP account credentials. With root access, the attacker could reconfigure the device’s SIP settings to route calls through infrastructure they control, enabling silent and transparent call interception. Users would see normal dial tones and displays, but conversations—including confidential business discussions or personal matters—could be eavesdropped on in real time.

Douglas McKee, director of vulnerability intelligence at Rapid7, noted that while exploitation requires skill and technical knowledge, the vulnerability lowers the barrier to serious attacks, especially in lightly segmented or exposed network environments. Grandstream devices have previously been targeted for botnet inclusion and other attacks, increasing concern about potential exploitation.

The vulnerability was responsibly disclosed to Grandstream in January 2026, and the company released a patched firmware version 1.0.7.81 within a week. Both Rapid7 and Grandstream have published advisories detailing the vulnerability and mitigation steps.

1 Comment

  • This vulnerability highlights the risks of using exposed or lightly segmented VoIP devices in business environments. Attackers gaining root access can silently intercept calls and steal credentials without detection. It’s crucial for organizations using Grandstream phones to update to the patched firmware immediately and ensure proper network segmentation to mitigate potential exploitation.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...