CVE-2022-2070

CRITICAL

Grandstream GSD3710 1.0.11.13 - Stack-based Buffer Overflow via sscanf Parameter Length Mismatch

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-2070. PoCs published by Pepelux.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in Grandstream GSD3710 firmware 1.0.11.13 and lower, leveraging ROP gadgets and a custom ARM reverse shell payload to achieve remote code execution. The payload bypasses memory protections via mprotect and establishes a reverse shell to the attacker's specified IP and port.

Description

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.

Exploits (1)

exploitdb WORKING POC

by Pepelux · pythonremotemultiple

https://www.exploit-db.com/exploits/52303

View Code ZIP pw:eip

This exploit targets a stack buffer overflow in Grandstream GSD3710 firmware 1.0.11.13 and lower, leveraging ROP gadgets and a custom ARM reverse shell payload to achieve remote code execution. The payload bypasses memory protections via mprotect and establishes a reverse shell to the attacker's specified IP and port.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Grandstream GSD3710 firmware 1.0.11.13 and lower

No auth needed

Prerequisites: Network access to the target device · Knowledge of the target's IP and port · Attacker-controlled server to receive the reverse shell

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory x_refsource_confirm

https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710

Scores

CVSS v3 9.8

EPSS 0.0430

EPSS Percentile 89.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-121 CWE-787

Status published

Products (1)

grandstream/gds3710_firmware 1.0.11.13

Published Sep 23, 2022

Tracked Since Feb 18, 2026