module

Grandstream GXV3175 'settimezone' Unauthenticated Command Execution

Try Surface Command
Back to search
Disclosed
2016-09-01
Created
2022-01-19

Description

This module exploits a command injection vulnerability in Grandstream GXV3175
IP multimedia phones. The 'settimezone' action does not validate input in the
'timezone' parameter allowing injection of arbitrary commands.

A buffer overflow in the 'phonecookie' cookie parsing allows authentication
to be bypassed by providing an alphanumeric cookie 93 characters in length.

This module was tested successfully on Grandstream GXV3175v2
hardware revision V2.6A with firmware version 1.0.1.19.

Authors

alhazred
Brendan Scarvell
bcoles bcoles@gmail.com

Platform

Linux

Architectures

armle

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/linux/http/grandstream_gxv3175_settimezone_unauth_cmd_exec
    msf exploit(grandstream_gxv3175_settimezone_unauth_cmd_exec) > show targets
        ...targets...
    msf exploit(grandstream_gxv3175_settimezone_unauth_cmd_exec) > set TARGET < target-id >
    msf exploit(grandstream_gxv3175_settimezone_unauth_cmd_exec) > show options
        ...show and set options...
    msf exploit(grandstream_gxv3175_settimezone_unauth_cmd_exec) > exploit
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today