Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.
VoIP is voice communication over IP networks, where exposed services and flawed configurations can enable interception, fraud, or service disruption.
Search across headline titles and summaries.
Background for this topic.
Voice over Internet Protocol (VoIP) carries voice and related communications as IP network traffic, typically separating call signaling—often SIP—from audio or video media—often RTP. It includes internet calling services and enterprise phone systems such as IP-PBXs, session border controllers, handsets, and management portals.
Its security depends on both the VoIP applications and the networks they use. Internet-exposed SIP services and weakly protected accounts can enable unauthorized calling (toll fraud), call-routing changes, or denial-of-service; unencrypted or misconfigured media can expose conversations. Practitioners should restrict and authenticate signaling and administration, patch PBX and session-border software, use TLS and SRTP where supported, segment voice systems, and monitor registrations, call records, and unusual destinations. Vulnerability management must cover phones, servers, web interfaces, and integrations, while logs and call-routing data require appropriate privacy controls.
Weekly headline count for the current query.
CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.
VoIP gear, hypervisors, medical equipment, building automation, printers, and more pose broad risk to organizations, with many facing danger from a combo of IT, IoT, and OT all at once. This listicle breaks it down.
The Commission's breach rules for voice and wireless providers, untouched since 2017, have finally been updated for the modern age.
The growing use of mobile devices for MFA and the proliferation of 5G and VoIP in general could result in more attacks in future, experts say.
The ransomware gang has been seen exploiting a Mitel RCE flaw discovered in VoIP devices in April (and patched in July) to perform double-extortion attacks.