Buffer overflow vulnerabilities in Grandstream GSD3710

Posted date 20/09/2022
Identifier

INCIBE-2022-0925

Importance
5 - Critical
Affected Resources

Grandstream GSD3710, version 1.0.11.13.

Description

INCIBE has coordinated the publication of 2 vulnerabilities in Grandstream GSD3710, with the internal code INCIBE-2022-0925, which have been discovered by José Luis Verdeguer Navarro.

These vulnerabilities have been assigned the codes:

  • CVE-2022-2070. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
  • CVE-2022-2025. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Solution

The vulnerabilities have been resolved by Grandstream in version 1.0.11.23.

Detail
  • CVE-2022-2070: in Grandstream GSD3710 version 1.0.11.13, it is possible to overflow the stack because the parameter length is not checked before the parameter is used in a sscanf call. Because of that, an attacker could create a socket and connect to a remote IP:port, opening a shell and gaining full access to the system. The exploit affects the daemons dbmng and logsrv, which run on ports 8000 and 8001 by default.
  • CVE-2022-2025: an attacker with knowledge of a user/password of Grandstream GSD3710 version 1.0.11.13 could overflow the stack because the parameter length is not checked before the parameter is used in a strcopy call. Exploitation of this vulnerability may allow an attacker to execute a shell with full access to the system.

Both vulnerabilities are of the type CWE-121: stack-based buffer overflow.
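As an added, constructed illustration of the pattern both bullets describe (not the GSD3710 firmware and not code from the advisory), the C below shows a parameter parsed with an unbounded sscanf("%s") beside a hardened version that checks the value length before use and bounds the conversion with a width specifier. The "PARAM=" request format, PARAM_MAX and the sample inputs are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration of CWE-121 as described in the advisory; this is
 * not the GSD3710 firmware. A line-oriented daemon reads "PARAM=<value>" from
 * the network into a fixed-size stack buffer (size is an assumption). */
#define PARAM_MAX 32

/* Vulnerable pattern: "%s" has no width bound and the value length is never
 * checked, so a value of PARAM_MAX bytes or more overruns the stack buffer.
 * Shown for comparison only; nothing in this file calls it. */
int parse_param_unsafe(const char *request)
{
    char param[PARAM_MAX];
    return sscanf(request, "PARAM=%s", param) == 1;
}

/* Hardened form: reject oversized values before use, then give sscanf a width
 * of PARAM_MAX-1 so it can never write past out[]. Returns 1 and fills out[]
 * on success, 0 when the line is malformed or the value does not fit. */
static int parse_param_safe(const char *request, char out[PARAM_MAX])
{
    const char *prefix = "PARAM=";
    size_t plen = strlen(prefix);
    if (strncmp(request, prefix, plen) != 0)
        return 0;
    size_t vlen = strcspn(request + plen, " \r\n");
    if (vlen == 0 || vlen >= PARAM_MAX)   /* length check before sscanf */
        return 0;
    char fmt[24];
    snprintf(fmt, sizeof fmt, "PARAM=%%%ds", PARAM_MAX - 1); /* "PARAM=%31s" */
    return sscanf(request, fmt, out) == 1;
}

/* Constructed sample inputs: a normal line and one carrying a 40-byte value. */
const char NORMAL_REQUEST[]   = "PARAM=admin\r\n";
const char OVERLONG_REQUEST[] = "PARAM=" "AAAAAAAAAA" "AAAAAAAAAA"
                                "AAAAAAAAAA" "AAAAAAAAAA" "\r\n";

static char g_value[PARAM_MAX];

/* Convenience wrapper: the parsed value, or NULL when the line is rejected. */
const char *parsed_value(const char *request)
{
    return parse_param_safe(request, g_value) ? g_value : NULL;
}
```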

If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE assignment and publication.

