Описание
An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:grandstream:gxp2135_firmware:1.0.9.129:*:*:*:*:*:*:*
cpe:2.3:o:grandstream:gxp2135_firmware:1.0.11.74:*:*:*:*:*:*:*
cpe:2.3:o:grandstream:gxp2135_firmware:1.0.11.79:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:gxp2135:-:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06084
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.1
github
больше 1 года назад
An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
EPSS
Процентиль: 91%
0.06084
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-78