How to find Grandstream VoIP phones on your network
ID: ace736f0-2500-51df-85f8-69ae4130c2c6
STIX ID: report--ace736f0-2500-51df-85f8-69ae4130c2c6
Feed Name: runZero Blog
Rapid7 disclosed a critical stack-based buffer overflow (CVE-2026-2329, CVSS 9.3) in the /cgi-bin/api.values.get HTTP API of Grandstream GXP1600-series VoIP phones. The flaw allows unauthenticated remote code execution as root on affected devices (GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, GXP1630) running firmware prior to 1.0.7.81. Users are advised to upgrade to 1.0.7.81 or later and can use the provided runZero query to find potentially impacted assets.
