CVE-2016-1519 in Wave Appinfo

Summary

The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

01/07/2016

Disclosure

04/21/2017

Moderation

VulDB entry created

Entries

1: VDB-100445

CPE

ready

CWE

CWE-295 (Confirmed)

CVSS

5.7

EPSS

0.00233

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-1519
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-1519
CVE Details	https://www.cvedetails.com/cve/CVE-2016-1519/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!