A critical zero-day vulnerability in Grandstream’s GXP1600 series VoIP phones, designated CVE-2026-2329, allowing unauthenticated remote code execution with root privileges. This stack-based buffer overflow affects the web-based API service on TCP port 80, accessible in default configurations without any authentication. All six models GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630 share the same firmware image […] The post Remote Code Execution Flaw In Grandstream GXP1600 Phones Exposed With PoC Exploit appeared first on Cyber Security News.