CVE-2023-30024

Name of the Vulnerable Software and Affected Versions MagicJack A921 USB Phone Jack versions prior to Rev 3.0 V1.4

Description The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer.

Recommendations For versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4, update the firmware to Rev 3.0 V1.4 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the device to minimize the risk of exploitation.