RSS   Vulnerabilities for 'Gxp2200 firmware'   RSS

2019-03-30
 
CVE-2019-10655

CWE-119
 

 
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.

 

 >>> Vendor: Grandstream 29 Products
Budgetone
Budgetone 101
Budgetone 102
Gxp-2000
Budgetone 200
Sip phone
Ht488
Gxv3500
Gxv3501
Gxv3504
Gxv3601
Gxv3601hd/ll
Gxv3611hd/ll
Gxv3615w/p
Gxv3615wp hd
Gxv3651fhd
Gxv3662hd
Gxv device firmware
Gxv3611 hd firmware
WAVE
Ht802 firmware
Gxp1610 firmware
Gxp1615 firmware
Gxp1620 firmware
Gxp1625 firmware
Gxp1628 firmware
Gxp1630 firmware
Gac2500 firmware
Gxp2200 firmware


Copyright 2024, cxsecurity.com

 

Back to Top