Lucene search
MitreCVELIST:CVE-2019-10655HistoryMar 30, 2019 - 4:42 p.m.
CVE-2019-10655
2019-03-3016:42:06
mitre
raw.githubusercontent.com
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.
Related
attackerkb
attackerkb
CVE-2019-10655
2019-03-30 00:00:00
checkpoint_advisories
checkpoint_advisories
Grandstream Multiple Products Authentication Bypass (CVE-2019-10655)
2021-01-25 00:00:00
prion
prion
Authentication flaw
2019-03-30 17:29:00
packetstorm
packetstorm
Grandstream GXV3175 Unauthenticated Command Execution
2022-01-20 00:00:00
Grandstream GXV31XX settimezone Unauthenticated Command Execution
2022-02-09 00:00:00
cve
cve
CVE-2019-10655
2019-03-30 17:29:00
zdt
zdt
Grandstream GXV31XX settimezone Unauthenticated Command Execution Exploit
2022-02-09 00:00:00
Grandstream GXV3175 Unauthenticated Command Execution Exploit
2022-01-20 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-01-21 20:08:55
nessus
nessus
Multiple Command Injection Vulnerabilities in Grandstream Products
2019-04-19 00:00:00
Multiple Command Injection Vulnerabilities in Grandstream Products
2019-04-01 00:00:00
thn
thn
mmpc
mmpc
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00
mssecure
mssecure
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00