CVE-2022-2025

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Grandstream GSD3710 version 1.0.11.13

Description The issue allows an attacker with knowledge of user and password to overflow the stack, as it does not check the parameter length before using the strcopy instruction. This could lead to an attacker executing a shell with full access.

Recommendations For Grandstream GSD3710 version 1.0.11.13, consider restricting access to the device until a patch is available, and ensure that all user credentials are securely managed to minimize the risk of exploitation. As a temporary workaround, consider disabling any functionality that uses the strcopy instruction until a patch is available.

Exploit

Fix

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

CVE-2022-2025

Affected Products

Grandstream Gsd3710

CVE-2022-2025

Weakness Enumeration

Related Identifiers

Affected Products

References · 6