Buffer overflow vulnerabilities in Grandstream GSD3710
Posted date 20/09/2022
Identificador
INCIBE-2022-0925
Importance
5 - Critical
Affected Resources
Grandstream GSD3710, version 1.0.11.13.
Description
INCIBE has coordinated the publication of 2 vulnerabilities in Grandstream GSD3710, with the internal code INCIBE-2022-0925, which have been discovered by José Luis Verdeguer Navarro.
These vulnerabilities have been assigned the codes:
- CVE-2022-2070. A CVSS v3.1 base score of 9,8 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
- CVE-2022-2025. A CVSS v3.1 base score of 9,8 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Solution
The vulnerabilities have been resolved by Grandstream in version 1.0.11.23.
Detail
- CVE-2022-2070: in Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before use the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.
- CVE-2022-2025: an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.
Both vulnerabilities are of the type CWE-121: stack-based buffer overflow.
If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE assignment and publication.
References list
Etiquetas