Grandstream Wave DLL Search Order Hijacking Vulnerability Allowing Arbitrary Code Execution on Windows 11

Vulnerability

A DLL search order hijacking vulnerability has been identified in the Wave application by Grandstream Networks, specifically in the executable wave.exe for Windows 11, version 1.27.8. This vulnerability allows local attackers to execute arbitrary code by placing a file in the 'C:\Users\<user>\AppData\Local\Temp' directory. The issue could lead to unauthorized code execution and persistence. Notably, this vulnerability is only present in Windows 11 and does not affect earlier versions.

Impact

Exploitation of this vulnerability could result in arbitrary code execution with persistence on the affected system.

Remediation

Users can upgrade to Grandstream Wave version 1.27.11 to address this vulnerability.
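
A defender-side check for the behaviour described in this advisory, added here as an example and not taken from Grandstream or the advisory itself: it flags image-load records where wave.exe maps a DLL from a per-user Temp directory, and compares an installed version against the fixed 1.27.11. The record field names (`Image` and `ImageLoaded`, as in Sysmon Event ID 7), the install path, the DLL names and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: image-load telemetry (e.g. Sysmon Event ID 7) has been exported
# to dicts with "Image" (loading process) and "ImageLoaded" (module path) keys.
TEMP_DIR = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp(\\|$)", re.I)
FIXED_VERSION = (1, 27, 11)  # fixed release named in the Remediation section


def is_temp_path(path: str) -> bool:
    """True if path resolves inside a per-user AppData\\Local\\Temp directory."""
    # normpath collapses ".." segments so a path that only passes through Temp is not counted
    return bool(TEMP_DIR.match(ntpath.normpath(path)))


def suspicious_loads(events):
    """Return image-load events where wave.exe maps a DLL from the user's Temp."""
    hits = []
    for ev in events:
        proc = ntpath.basename(ev.get("Image", "")).lower()
        module = ev.get("ImageLoaded", "")
        if proc == "wave.exe" and module.lower().endswith(".dll") and is_temp_path(module):
            hits.append(ev)
    return hits


def needs_upgrade(version: str) -> bool:
    """True if a dotted numeric Wave version is older than the fixed release."""
    return tuple(int(part) for part in version.split(".")) < FIXED_VERSION


# Constructed sample records (hypothetical install path and DLL names), not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Apps\Wave\wave.exe", "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"Image": r"C:\Apps\Wave\wave.exe", "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\example.dll"},
    {"Image": r"C:\Windows\explorer.exe", "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\example.dll"},
    {"Image": r"C:\Apps\Wave\wave.exe", "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\..\..\Roaming\helper.dll"},
]

if __name__ == "__main__":
    for ev in suspicious_loads(SAMPLE_EVENTS):
        print("wave.exe loaded a DLL from Temp:", ev["ImageLoaded"])
    print("1.27.8 needs upgrade:", needs_upgrade("1.27.8"))
```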

Added: Sep 10, 2025, 12:16 PM
Updated: Sep 10, 2025, 12:16 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 3.3
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.