CVE-2019-10655
Grandstream GXV31XX settimezone Unauthenticated Command Execution
Public Exploits: 3
Exploited in Wild: -
Descriptions
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.
SSVC
- Decision: -
Timeline
- 2019-03-30 CVE Reserved
- 2019-03-30 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-10-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-352: Cross-Site Request Forgery (CSRF)
References (4)
URL | Tag | Source |
---|---|---|
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Grandstream | Gac2500 Firmware | <= 1.0.3.35 | - | Affected | in | Grandstream | Gac2500 | - | - | Safe |
Grandstream | Gvc3202 Firmware | < 1.0.3.51 | - | Affected | in | Grandstream | Gvc3202 | - | - | Safe |
Grandstream | Gxv3275 Firmware | < 1.0.3.219 | - | Affected | in | Grandstream | Gxv3275 | - | - | Safe |
Grandstream | Gxv3240 Firmware | < 1.0.3.219 | - | Affected | in | Grandstream | Gxv3240 | - | - | Safe |
Grandstream | Gxp2200 Firmware | <= 1.0.3.27 | - | Affected | in | Grandstream | Gxp2200 | - | - | Safe |