exploitDog

CVE-2022-2025

Опубликовано: 23 сент. 2022

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.

Ссылки

https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710
Third Party Advisory
https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:grandstream:gds3710_firmware:1.0.11.13:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gds3710:-:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.11321

Средний

9.8 Critical

CVSS3

Дефекты

CWE-121

CWE-787

Связанные уязвимости

GHSA-3qjj-8gwh-qxvc

CVSS3: 9.8

github

больше 3 лет назад

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.

EPSS

Процентиль: 93%

0.11321

Средний

9.8 Critical

CVSS3

Дефекты

CWE-121

CWE-787