CVE-2022-2025

Published Sep 23, 2022

Last updated 6 months ago

CVSS critical 9.8

Overview

Description: an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.
Source: cve-coordination@incibe.es
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cve-coordination@incibe.es: CWE-121
nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:grandstream:gds3710_firmware:1.0.11.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB284370-1D95-46FE-B745-E8277B04C08D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:grandstream:gds3710:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "222663C8-CD2A-41DC-BD34-4EDBDE59A932"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References