10 matches found
EUVD-2024-30706
Malicious code in bioql PyPI...
CVE-2024-32937
An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...
CVE-2024-32937
An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...
CVE-2024-32937
An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...
CVE-2024-32937
Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection (CVE-2024-32937) affects GXP2135 devices (firmware 1.0.9.129, 1.0.11.74, 1.0.11.79). The vulnerability stems from an unfiltered TimeZone parameter processed in the CWMP handler (set_selfdefinedtimezone_value) which builds and execu...
CVE-2024-32937
An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...
CVE-2024-32937
An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...
Grandstream GXP2135 Operating System Command Injection Vulnerability
The Grandstream GXP2135 is an enterprise-grade color screen IP phone from Grandstream. An operating system command injection vulnerability exists in the Grandstream GXP2135 versions 1.0.9.129, 1.0.11.74, and 1.0.11.79, which originates from specially crafted network packets that can lead to...
PT-2024-24989 · Grandstream · Grandstream Gxp2135
Name of the Vulnerable Software and Affected Versions: Grandstream GXP2135 versions 1.0.9.129 through 1.0.11.79. Description: An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality. A specially crafted network packet can lead to arbitrary command execution. An...
Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1978: Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability. July 3, 2024. CVE Number: CVE-2024-32937. Summary: An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129,...