CVE-2024-32937

An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...

CVE-2024-32937

An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...

CVE-2024-32937

An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...

CVE-2024-32937

Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection (CVE-2024-32937) affects GXP2135 devices (firmware 1.0.9.129, 1.0.11.74, 1.0.11.79). The vulnerability stems from an unfiltered TimeZone parameter processed in the CWMP handler (set_selfdefinedtimezone_value) which builds and execu...

Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability

Talos Vulnerability Report TALOS-2024-1978 Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability July 3, 2024 CVE Number CVE-2024-32937 SUMMARY An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129,...