CVE-2026-2329: critical unauthenticated RCE in Grandstream GXP1600 VoIP phones
Published 2026-02-18 14:00 UTC · Updated 2026-02-19 03:00 UTC
cve, voip, rce, unauthenticated_access, stack_buffer_overflow, patch_available
Overview
A newly disclosed critical flaw in Grandstream GXP1600-series VoIP phones underscores how internet- or externally reachable voice endpoints can become a direct remote-code-execution path into small and midsize business environments. Reporting and advisories converge on CVE-2026-2329 as an unauthenticated, stack-based buffer overflow in the phones’ web/API surface, with vendor firmware available to remediate and public proof-of-concept/exploit demonstration activity referenced by researchers.
Entities
Grandstream, Rapid7, Metasploit
- Score total: 1.77
- Momentum 24h: 5
- Posts: 5
- Origins: 4
- Source types: 1
- Duplicate ratio: 0%
Why now
- Rapid7 publicly disclosed CVE-2026-2329 and noted a fixed firmware release
- NVD entry documents the affected endpoint and impacted GXP1600 models
- Media coverage is amplifying operational risk for exposed VoIP deployments
Why it matters
- Unauthenticated root-level RCE on VoIP endpoints can enable full device takeover
- VoIP phones may be exposed via default-reachable web/API services
- Abuse could include call interception, toll fraud, and impersonation in SMB environments
LLM analysis
- Topic mix: low
- Promo risk: low
- Source quality: high
Recurring claims
- CVE-2026-2329 is a critical unauthenticated stack-based buffer overflow in Grandstream GXP1600-series VoIP phones that can enable remote code execution with root privileges.
- A vendor firmware update (version 1.0.7.81) is available to remediate CVE-2026-2329.
- Rapid7 developed a Metasploit exploit module to demonstrate impact for CVE-2026-2329.
How sources frame it
- Rapid7: neutral
- NVD: neutral
- Dark Reading: neutral
Consolidated multiple write-ups into a single CVE-focused entry; kept impact statements tied to cited sources.
All evidence
Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP
NCSC-FI - Vulnerabilities · nvd.nist.gov · 2026-02-19 03:00 UTC
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
Dark Reading · darkreading.com · 2026-02-18 21:15 UTC
Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
The Hacker News · thehackernews.com · 2026-02-18 16:35 UTC
The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP
Rapid7 Blog · rapid7.com · 2026-02-18 14:15 UTC
Top publishers (this list)
- NCSC-FI - Vulnerabilities (1)
- Dark Reading (1)
- The Hacker News (1)
- Rapid7 Blog (1)
Top origin domains (this list)
- nvd.nist.gov (1)
- darkreading.com (1)
- thehackernews.com (1)
- rapid7.com (1)