CVE-2016-1520
N/A
N/A
Summary
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://packetstormsecurity.com/files/136291/Grandstream-Wave-1.0.1.26-Update-Redirection.html
- https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1520-app-update-redirection.pdf
- http://www.securityfocus.com/archive/1/537821/100/0/threaded
References
- http://packetstormsecurity.com/files/136291/Grandstream-Wave-1.0.1.26-Update-Redirection.html
- https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1520-app-update-redirection.pdf
- http://www.securityfocus.com/archive/1/537821/100/0/threaded
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.