CVE-2022-2070
Grandstream GSD3710 Stack-based Buffer Overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.
En Grandstream GSD3710 en versión 1.0.11.13, es posible desbordar la pila ya que no comprueba la longitud del parámetro antes de usar la instrucción sscanf. Debido a esto, un atacante podría crear un socket y conectarse con una IP:port remoto abriendo una shell y obteniendo acceso completo al sistema. La explotación afecta a los demonios dbmng y logsrv que son ejecutados en los puertos 8000 y 8001 por defecto.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-13 CVE Reserved
- 2022-09-23 CVE Published
- 2024-04-12 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Grandstream Search vendor "Grandstream" | Gds3710 Firmware Search vendor "Grandstream" for product "Gds3710 Firmware" | 1.0.11.13 Search vendor "Grandstream" for product "Gds3710 Firmware" and version "1.0.11.13" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gds3710 Search vendor "Grandstream" for product "Gds3710" | - | - |
Safe
|