CVE-2022-2025

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:grandstream:gds3710_firmware:1.0.11.13:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gds3710:-:*:*:*:*:*:*:*

History

26 Sep 2022, 22:37

Type	Values Removed	Values Added
References	~~(CONFIRM) https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710 -~~	(CONFIRM) https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710 - Third Party Advisory
CWE		CWE-787
CPE		cpe:2.3:h:grandstream:gds3710:-:::::::* cpe:2.3:o:grandstream:gds3710_firmware:1.0.11.13:::::::*
First Time		Grandstream Grandstream gds3710 Firmware Grandstream gds3710
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

23 Sep 2022, 16:31

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-23 16:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-2025

Mitre link : CVE-2022-2025

CVE.ORG link : CVE-2022-2025

JSON object : View

Products Affected

grandstream

gds3710_firmware
gds3710

CWE

CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2022-2025", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-09-23T16:15:10.597", "references": [{"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access."}, {"lang": "es", "value": "un atacante con conocimiento del usuario/pass de Grandstream GSD3710 en versi\u00f3n 1.0.11.13, podr\u00eda desbordar la pila ya que no comprueba la longitud del par\u00e1metro antes de usar la instrucci\u00f3n strcopy. La explotaci\u00f3n de esta vulnerabilidad puede conllevar a que un atacante ejecute un shell con acceso total.\n"}], "lastModified": "2022-09-26T22:37:06.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gds3710_firmware:1.0.11.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB284370-1D95-46FE-B745-E8277B04C08D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gds3710:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "222663C8-CD2A-41DC-BD34-4EDBDE59A932"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-coordination@incibe.es"}