Grandstream GSD3710 Stack-based Buffer Overflow
CVE-2022-2070

9.8CRITICAL

Key Information:

Vendor: Grandstream
Status: Grandstream Gsd3710
Vendor: CVE Published:; 23 September 2022

🔔 Create Grandstream Vulnerability Alert

What is CVE-2022-2070?

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.

Affected Version(s)

Grandstream GSD3710 1.0.11.13

References

https://www.incibe-cert.es/en/early-warning/security-advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2022
Vulnerability Reserved
Jun 13, 2022

Credit

José Luis Verdeguer Navarro