Описание
The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4.
Ссылки
- Exploit
- Third Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
- Product
- Exploit
- Third Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:magicjack:a921_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:magicjack:a921:3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.00061
Низкий
6.6 Medium
CVSS3
Дефекты
CWE-269
CWE-863
Связанные уязвимости
CVSS3: 6.6
github
почти 3 года назад
Insecure Permissions vulnerability found in MagicJack A921 USB Phone Jack Rev 3.0 v.1.4 allows a physically proximate attacker to escalate privileges and gain access to sensitive information via the NAND flash memory.
EPSS
Процентиль: 19%
0.00061
Низкий
6.6 Medium
CVSS3
Дефекты
CWE-269
CWE-863