CVE-2025-28170

CVE-2025-28170CVE-2025-28170

grandstream / gxp1628_firmware

Description

Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.

Scoring

CVSS 7.6 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Last modified2026-07-05
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.