Lucene search

[email protected]NVD:CVE-2022-2025

HistorySep 23, 2022 - 4:15 p.m.

CVE-2022-2025

2022-09-2316:15:10

CWE-121

CWE-787

[email protected]

web.nvd.nist.gov

grandstream gsd3710

stack overflow

exploitation

full access

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.7%

JSON

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn’t check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.

Affected configurations

Nvd

Node

grandstreamgds3710Match-

AND

grandstreamgds3710_firmwareMatch1.0.11.13

VendorProductVersionCPE
grandstreamgds3710-cpe:2.3:h:grandstream:gds3710:-:*:*:*:*:*:*:*
grandstreamgds3710_firmware1.0.11.13cpe:2.3:o:grandstream:gds3710_firmware:1.0.11.13:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
grandstream	gds3710	-	cpe:2.3:h:grandstream:gds3710:-:::::::*
grandstream	gds3710_firmware	1.0.11.13	cpe:2.3:o:grandstream:gds3710_firmware:1.0.11.13:::::::*

References

www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.7%

JSON

Related for NVD:CVE-2022-2025

prion1 cvelist1 cve1