Vulnerability Details CVE-2025-28170
Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.1%
CVSS Severity
CVSS v3 Score 7.6
Products affected by CVE-2025-28170
-
cpe:2.3:h:grandstream:gxp1628:-
-
cpe:2.3:o:grandstream:gxp1628_firmware:1.0.4.100
-
cpe:2.3:o:grandstream:gxp1628_firmware:1.0.4.106
-
cpe:2.3:o:grandstream:gxp1628_firmware:1.0.4.128
-
cpe:2.3:o:grandstream:gxp1628_firmware:1.0.4.82
-
cpe:2.3:o:grandstream:gxp1628_firmware:1.0.4.88