CVE-2025-28170

HIGH

Grandstream Networks GXP1628 <=1.0.4.130 - Info Disclosure

Title source: llm

Description

Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.

References (2)

[Product] http://grandstream.com

[Exploit, Third Party Advisory] https://gist.github.com/Exek1el/928ea6fd06d3b48c1c91cfdc30317d8d

Scores

CVSS v3 7.6

EPSS 0.0008

EPSS Percentile 23.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Classification

CWE

CWE-548

Status published

Affected Products (1)

grandstream/gxp1628_firmware < 1.0.4.130

Timeline

Published Jul 29, 2025

Tracked Since Feb 18, 2026