The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and in Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact, because configuration files are downloaded from fm.grandstream.com/gs/ without using an HTTPS session.
Vulnerable Product |
---|
grandstream wave |