CNNVD-202512-830 Information
CNNVD ID
CNNVD-202512-830
Related CVE
- CNNVD Published: 2025-12-07
Description (Chinese)
Grandstream GXP1625是美国Grandstream公司的一款企业IP电话。 Grandstream GXP1625 1.0.7.4版本存在安全漏洞,该漏洞源于组件Network Status Page中文件/cgi-bin/api.values.post对参数vpn_ip的错误操作,可能导致基本跨站脚本攻击。
Description (English)
Grandstream GXP1625 is a corporate IP phone for Grandstream in the United States. There is a security loophole in version 1.0.7.4 of Grandstream GXP 1625, resulting from the error of document/cgi-bin/api.values.post against parameter vpn ip in component Network Status Page, which may result in a basic cross-site script attack.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
潮流网络
Published
2025-12-07
Last Modified
2026-02-24
References
https://vuldb.com/?id.334606 https://drive.google.com/file/d/1rsskCaj4TwiaGG9_VYabjnKMP_zAry7L/view?usp=sharing https://vuldb.com/?ctiid.334606 https://vuldb.com/?submit.698650 https://access.redhat.com/security/cve/cve-2025-14186
Share on: