CVE-2022-2070: Grandstream GSD3710 Stack-based Buffer Overflow
First published: Fri Sep 23 2022(Updated: )
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.
Credit: cve-coordination@incibe.es
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Grandstream Gds3710 Firmware | =1.0.11.13 | |
| Grandstream Gds3710 |
Remedy
This vulnerability has been solved by Grandstream in the 1.0.11.23 version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-2070.
What is the severity of CVE-2022-2070?
The severity of CVE-2022-2070 is critical.
How does CVE-2022-2070 affect Grandstream GSD3710?
CVE-2022-2070 affects Grandstream GSD3710 in its 1.0.11.13 version.
How can an attacker exploit CVE-2022-2070?
An attacker can exploit CVE-2022-2070 by creating a socket and connecting with a remote IP:port.
Is there a fix for CVE-2022-2070?
There is no available fix for CVE-2022-2070 at the moment, please refer to the official vendor for updates.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/author
- agent/last-modified-date
- agent/title
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/grandstream
- canonical/grandstream gds3710 firmware
- version/grandstream gds3710 firmware/1.0.11.13
- canonical/grandstream gds3710