Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

AndyC 19 February 2026

Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices.

Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices.
The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer overflow that could result in remote code

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody

Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody

AndyC 19 February 2026
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

AndyC 19 February 2026
Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability

Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability

AndyC 19 February 2026
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024

Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024

AndyC 19 February 2026
3 Ways to Start Your Intelligent Workflow Program

3 Ways to Start Your Intelligent Workflow Program

AndyC 19 February 2026
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

AndyC 19 February 2026

You may have missed

Figure Breach Enters New Phase After Data Leak Claims

Figure Breach Enters New Phase After Data Leak Claims

AndyC 19 February 2026
Figure Breach Enters New Phase After Data Leak Claims

Figure Breach Enters New Phase After Data Leak Claims

AndyC 19 February 2026
Palo Alto Networks Moves to Secure Agentic Endpoints with Koi Deal

Moltbook is Dangerous, but Scale Doesn’t Match the Hype: Zenity

AndyC 19 February 2026
Palo Alto Networks Moves to Secure Agentic Endpoints with Koi Deal

Moltbook is Dangerous, but Scale Doesn’t Match the Hype: Zenity

AndyC 19 February 2026
Figure Breach Enters New Phase After Data Leak Claims

Microsoft Patches Security Flaw That Exposed Confidential Emails to AI

AndyC 19 February 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.