Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

A critical security flaw (CVE-2026-2329) has been discovered in Grandstream GXP1600 series VoIP phones that allows unauthenticated remote code execution with root privileges. The vulnerability is in the device's web-based API and affects multiple models. It has been addressed in a firmware update (version 1.0.7.81).

Edward Kiledjian @ekiledjian