Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Gxp2200 firmware'
2019-03-30
CVE-2019-10655
CWE-119
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.
>>>
Vendor:
Grandstream
29
Products
Budgetone
Budgetone 101
Budgetone 102
Gxp-2000
Budgetone 200
Sip phone
Ht488
Gxv3500
Gxv3501
Gxv3504
Gxv3601
Gxv3601hd/ll
Gxv3611hd/ll
Gxv3615w/p
Gxv3615wp hd
Gxv3651fhd
Gxv3662hd
Gxv device firmware
Gxv3611 hd firmware
WAVE
Ht802 firmware
Gxp1610 firmware
Gxp1615 firmware
Gxp1620 firmware
Gxp1625 firmware
Gxp1628 firmware
Gxp1630 firmware
Gac2500 firmware
Gxp2200 firmware
Copyright
2024
, cxsecurity.com
Back to Top