Detections
Analytics

Multiple Command Injection Vulnerabilities in Grandstream Products

critical Nessus Plugin ID 123520

Language:

Synopsis

The remote device is vulnerable and can be compromised

Description

Multiple Vulnerabilities in Grandstream devices.

 - The affected devices are: GAC2500, GVC3202, GXP2200, GXV3275, GXV3240, GXV3611IR_HD, GXV3611IR_HD, GXV3611IR_HD, UCM6204, GXV3370, WP820, GWN7000, & GWN7610.

 - A remote command execution vulnerability exists in the 'priority' and 'logserver' parameters. An unauthenticated, remote attacker can exploit them to bypass authentication and execute arbitrary commands with root privileges.

 - A blind command injection vulnerability exists in the 'filename' and 'file-backup' parameters. An unauthenticated, remote attacker can exploit this to bypass authentication and obtain a root shell.

Solution

Update to the fixed version as per the advisory.

See Also

http://www.nessus.org/u?0e9e1acb

Plugin Details

Severity: Critical

ID: 123520

File Name: grandstream_2019_003.nasl

Version: 1.9

Type: remote

Family: Misc.

Published: 4/1/2019

Updated: 2/9/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-10661

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Required KB Items: installed_sw/Grandstream Phone

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/22/2019

Vulnerability Publication Date: 3/22/2019

Exploitable With

Metasploit (Grandstream GXV31XX settimezone Unauthenticated Command Execution)

Reference Information

CVE: CVE-2019-10655, CVE-2019-10656, CVE-2019-10657, CVE-2019-10658, CVE-2019-10659, CVE-2019-10660, CVE-2019-10661, CVE-2019-10662, CVE-2019-10663