In the latest episode of ‘Your Devices Hate You’, Grandstream’s GXP1600 VoIP phones have decided to join the thrilling reality show of being wide open to attackers. Apparently, these phones have careers in Hollywood as anyone can seize control of them, no audition required.

Experts have discovered the vulnerability tagged as CVE-2026-2329, with a CVSS score of 9.3, which is just shy of the ‘Oops, We Did It Again’ award. This flaw operates with all the slickness of a late-night infomercial: a stack-based buffer overflow that sells itself with zero authentication needed.

While some might argue that this is just a creative way of updating your phone’s firmware remotely, others suggest it’s more akin to leaving your house keys under a doormat with a neon sign that says ‘Welcome, Hackers!’ But hey, at least no one can say cybersecurity isn’t exciting!