CVE-2025-28170

High

Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing…

mitre·CWE-548·Published 2025-07-29

CVSS

7.6

EPSS

0.00

KEV

Exploits

cve.orgen

205 chars

Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.

NVDen

205 chars

NVDes

246 chars

Grandstream Networks GXP1628 <=1.0.4.130 es vulnerable a un control de acceso incorrecto. El dispositivo está configurado con el listado de directorios habilitado, lo que permite el acceso no autorizado a directorios y archivos confidenciales.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.6	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
3.1	Primary	cve.org	7.6	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L