CVE-2024-32937
https://notcve.org/view.php?id=CVE-2024-32937
An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 firmware 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution; an attacker can send a sequence of malicious packets to trigger this vulnerability.
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1978
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
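The entry above describes the CWE-78 pattern in general terms only. The following is an added illustration, not code from the GXP2135 firmware or from the Talos report: a hypothetical handler that pastes a timezone parameter into a shell command line (the vulnerable shape), next to an allowlist check for POSIX TZ strings such as "EST5EDT,M3.2.0,M11.1.0". The "settz" helper binary, the TZ_MAX limit and the accepted character set are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define TZ_MAX 64   /* assumed maximum length of a timezone value (example only) */

/* Vulnerable shape (illustrative, not the device's code): the parameter value
 * is formatted unchanged into a command line that is later handed to
 * system(). A value such as "GMT0; id" therefore carries a second command.
 * "settz" is a hypothetical helper binary. Returns -1 if the line is truncated. */
int build_tz_command_vulnerable(const char *tz, char *cmd, size_t cmdlen) {
    int n = snprintf(cmd, cmdlen, "settz %s", tz);
    return (n < 0 || (size_t)n >= cmdlen) ? -1 : 0;
}

/* Allowlist check for a POSIX TZ string: letters, digits and "+-,.:/" only,
 * non-empty and shorter than TZ_MAX. Everything the shell treats specially
 * (; | & $ ` ' " ( ) < > space, newline) is rejected. The angle-bracket form
 * "<+03>-3" is deliberately refused here because '<' and '>' are shell
 * redirections; a handler that never invokes a shell could accept it. */
int tz_is_safe(const char *tz) {
    size_t len = strlen(tz);
    if (len == 0 || len >= TZ_MAX)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)tz[i];
        if (isalnum(c) || strchr("+-,.:/", c) != NULL)
            continue;
        return 0;
    }
    return 1;
}

int main(void) {
    char cmd[128];
    const char *attacker_value = "GMT0; id";   /* constructed sample input */

    build_tz_command_vulnerable(attacker_value, cmd, sizeof cmd);
    printf("vulnerable path would hand the shell: %s\n", cmd);
    printf("tz_is_safe(\"%s\") = %d\n", attacker_value, tz_is_safe(attacker_value));
    printf("tz_is_safe(\"EST5EDT,M3.2.0,M11.1.0\") = %d\n",
           tz_is_safe("EST5EDT,M3.2.0,M11.1.0"));
    return 0;
}
```

The allowlist is a second line of defence; the primary fix for this class is to apply the value without a shell at all (write it to the timezone file or call setenv()/tzset() directly) so that no metacharacter has anything to act on.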
CVE-2022-2070 – Grandstream GSD3710 Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-2070
In Grandstream GSD3710 firmware 1.0.11.13 it is possible to overflow the stack, because the parameter length is not checked before the value is parsed with sscanf. Using this, an attacker can open a socket and connect back to a remote IP:port with a shell, gaining full access to the system. The vulnerability affects the dbmng and logsrv daemons, which listen on ports 8000 and 8001 by default.
• https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2022-2025 – Grandstream GSD3710 Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-2025
An attacker with knowledge of a valid username and password for Grandstream GSD3710 firmware 1.0.11.13 can overflow the stack, because the parameter length is not checked before the value is copied with strcpy. Exploiting this vulnerability may allow the attacker to execute a shell with full access.
• https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2021-37915
https://notcve.org/view.php?id=CVE-2021-37915
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell it is possible to set the gdb_debug_server variable to a malicious value. As a result, after a reboot the device downloads and executes malicious scripts from an attacker-defined host.
• http://firmware.grandstream.com/BETA/Release_Note_HT80x_1.0.29.8.pdf
• http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/product/ht801
• https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915
CVE-2021-37748
https://notcve.org/view.php?id=CVE-2021-37748
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
• https://github.com/SECFORCE/CVE-2021-37748
• http://www.grandstream.com/products/gateways-and-atas/analog-telephone-adaptors/product/ht801
• https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915
• CWE-787: Out-of-bounds Write
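The three stack-overflow entries above (the GSD3710 sscanf and strcpy bugs, and the HT801 gs_config manage_if overflows) share one root cause: a parameter is copied into a fixed-size stack buffer without its length ever being compared to the buffer. The following is an added example, not code from any Grandstream firmware or from the linked advisories. It uses a hypothetical "SET key=value" line format and assumed buffer sizes (KEY_MAX, VALUE_MAX), shows how many bytes an unchecked sscanf("%s")/strcpy copy would write (without performing the write, so the program stays well-defined), and gives a bounded sscanf and a length-checked copy that reject overlong input instead of truncating it.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Assumed sizes of the stack buffers in a hypothetical daemon (example only).
 * The field widths in parse_set_param() must stay one less than these. */
#define KEY_MAX   16
#define VALUE_MAX 32

/* The bug class: sscanf("%s", value) or strcpy(value, src) copy until the
 * first whitespace/NUL and never consult sizeof(value). This helper does not
 * copy anything; it reports how many bytes such an unchecked copy of the
 * value in a "SET key=value" line would write, so the overflow can be shown
 * without corrupting the stack. Returns 0 if the line carries no '='. */
size_t unchecked_copy_would_write(const char *line) {
    const char *eq = strchr(line, '=');
    if (eq == NULL)
        return 0;
    return strcspn(eq + 1, " \t\r\n") + 1;   /* token length plus terminating NUL */
}

/* Hardened sscanf: explicit field widths (KEY_MAX-1 and VALUE_MAX-1, so the
 * NUL always fits) plus a check, via %n, that the value token ended because
 * the input ended or whitespace followed, not because the width limit was
 * hit. Returns 0 on success, -1 on a malformed line, -2 on an overlong value. */
int parse_set_param(const char *line, char key[KEY_MAX], char value[VALUE_MAX]) {
    int consumed = 0;
    if (sscanf(line, "SET %15[^=]=%31s%n", key, value, &consumed) != 2)
        return -1;
    unsigned char next = (unsigned char)line[consumed];
    if (next != '\0' && !isspace(next))
        return -2;                            /* value longer than VALUE_MAX-1: reject */
    return 0;
}

/* Hardened strcpy replacement: copies only when the source, including its
 * NUL, fits in dst. memchr bounds the scan, so an unterminated source is
 * not read past dstlen either. Returns -1 where strcpy would have overflowed. */
int copy_param(char *dst, size_t dstlen, const char *src) {
    const char *nul = memchr(src, '\0', dstlen);
    if (nul == NULL)
        return -1;
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

int main(void) {
    char key[KEY_MAX], value[VALUE_MAX], dst[8];
    /* constructed sample lines: a benign one and one with a 40-byte value */
    const char *ok  = "SET tz=EST5EDT";
    const char *bad = "SET tz=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("unchecked copy of the long line would write %zu bytes into a %d-byte buffer\n",
           unchecked_copy_would_write(bad), VALUE_MAX);
    printf("parse ok=%d parse bad=%d\n",
           parse_set_param(ok, key, value), parse_set_param(bad, key, value));
    printf("copy short=%d copy long=%d\n",
           copy_param(dst, sizeof dst, "1234567"), copy_param(dst, sizeof dst, "12345678"));
    return 0;
}
```

Rejecting rather than truncating matters for configuration shells like gs_config: a silently truncated value can still be stored and re-parsed elsewhere with different assumptions, whereas a rejected one never reaches the rest of the code.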