CVE Vulnerabilities

CVE-2025-28170

Exposure of Information Through Directory Listing

Published: Jul 29, 2025 | Modified: Aug 06, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.

Weakness

A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.

Affected Software

Name Vendor Start Version End Version
Gxp1628_firmware Grandstream * 1.0.4.130 (including)

Potential Mitigations

References