module
Grandstream GXV31XX 'settimezone' Unauthenticated Command Execution
| Disclosed |
|---|
| Sep 1, 2016 |
Disclosed
Sep 1, 2016
Description
This module exploits a command injection vulnerability in Grandstream GXV31XX
IP multimedia phones. The 'settimezone' action does not validate input in the
'timezone' parameter allowing injection of arbitrary commands.
A buffer overflow in the 'phonecookie' cookie parsing allows authentication
to be bypassed by providing an alphanumeric cookie 93 characters in length.
This module was tested successfully on Grandstream models:
GXV3175v2 hardware revision V2.6A with firmware version 1.0.1.19; and
GXV3140 hardware revision V0.4B with firmware version 1.0.1.27.
IP multimedia phones. The 'settimezone' action does not validate input in the
'timezone' parameter allowing injection of arbitrary commands.
A buffer overflow in the 'phonecookie' cookie parsing allows authentication
to be bypassed by providing an alphanumeric cookie 93 characters in length.
This module was tested successfully on Grandstream models:
GXV3175v2 hardware revision V2.6A with firmware version 1.0.1.19; and
GXV3140 hardware revision V0.4B with firmware version 1.0.1.27.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.