Lucene search

INCIBECVELIST:CVE-2022-2025

HistorySep 23, 2022 - 3:06 p.m.

CVE-2022-2025 Grandstream GSD3710 Stack-based Buffer Overflow

2022-09-2315:06:54

CWE-121

INCIBE

www.cve.org

grandstream gsd3710

stack-based

buffer overflow

version 1.0.11.13

exploitation

shell access

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

57.7%

JSON

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn’t check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.

CNA Affected

[
  {
    "product": "Grandstream GSD3710",
    "vendor": "Grandstream",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.11.13"
      }
    ]
  }
]

References

www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

57.7%

JSON

Related for CVELIST:CVE-2022-2025