Brendan Scarvell

8 exploits, active since Mar 2019
CVE-2019-10656 WRITEUP HIGH WORKING POC
Grandstream GWN7000 Firmware < 1.0.6.32 - OS Command Injection
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.
CVSS 8.8
CVE-2019-10657 WRITEUP MEDIUM WORKING POC
Grandstream GWN7610 Firmware < 1.0.8.18 - OS Command Injection
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.
CVSS 6.5
CVE-2019-10658 WRITEUP HIGH WORKING POC
Grandstream GWN7610 Firmware < 1.0.8.18 - OS Command Injection
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.
CVSS 8.8
CVE-2019-10659 WRITEUP HIGH WORKING POC
Grandstream GXV3370 Firmware < 1.0.1.41 - OS Command Injection
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
CVSS 8.8
CVE-2019-10660 WRITEUP HIGH WORKING POC
Grandstream GXV3611IR_HD Firmware < 1.0.3.23 - OS Command Injection
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
CVSS 8.8
CVE-2019-10661 WRITEUP CRITICAL WORKING POC
Grandstream GXV3611IR_HD Firmware < 1.0.3.23 - Authentication Bypass
On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password.
CVSS 9.8
CVE-2019-10662 WRITEUP HIGH WORKING POC
Grandstream UCM62xx IP PBX sendPasswordEmail RCE
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.
CVSS 8.8
CVE-2019-10655 METASPLOIT CRITICAL ruby WORKING POC
Grandstream GAC2500 Firmware < 1.0.3.35 - Memory Corruption
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.
CVSS 9.8