CVE-2022-2025
CRITICAL
Grandstream Gds3710 Firmware - Out-of-Bounds Write
Title source: rule
Description
An attacker with knowledge of the user/pass of the Grandstream GDS3710 in its 1.0.11.13 version could overflow the stack, since it doesn't check the param length before using the strcopy instruction. Exploitation of this vulnerability may allow an attacker to execute a shell with full access.
Exploits (1)
Scores
CVSS v3
9.8
EPSS
0.1132
EPSS Percentile
93.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-121
CWE-787
Status
published
Products (1)
grandstream/gds3710_firmware
1.0.11.13
Published
Sep 23, 2022
Tracked Since
Feb 18, 2026