An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.
https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-50015