Dear Grandstream Customers,
Firmware 126.96.36.199 for GXW4501/4502/4504 is now released as official. Here is the link to the release notes:
Firmware 188.8.131.52 contains security fix. Please find security bulletin here:
This security bulletin describes a vulnerability in the Grandstream GXW4501/4502/4504 series digital VoIP gateways that could allow malicious users to obtain user passwords.
A recent security issue was discovered regarding SQL injections that could allow malicious unauthenticated users to retrieve the passwords of created users from the GXW4501/4502/4504 series digital VoIP gateways with firmware 184.108.40.206 or older. When certain actions are invoked on specific ports, the related modules will be vulnerable to the aforementioned SQL injections and brute force attacks.
After upgrading, please make sure to change web access passwords for ALL users in GXW450x web UI->Maintenance->User Management page, which includes super admin and admin users. It’s also highly recommended to change the username to be different from the previous username. If any unknown user exists in User Management page, please remove it immediately.
The firmware and release notes can be downloaded from:
Please contact Grandstream Suppport should you have any issues. Thank you for your support for Grandstream products.
Grandstream Networks, Inc.