
CVE-2022-2070

Critical

Published: 23 September 2022
Modified: 21 November 2024
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0944 (93.0th percentile)
Risk Priority: 25 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-2070 is a critical-severity stack-based buffer overflow (CWE-121) vulnerability in Grandstream GDS3710 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 7.0% of CVEs by exploit likelihood (EPSS 0.0944, 93.0th percentile); it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability CVE-2022-2070 is a stack-based buffer overflow present in Grandstream GSD3710 firmware version 1.0.11.13. It stems from missing length checks on parameters passed to sscanf, allowing an out-of-bounds write. The flaw resides in the dbmng and logsrv daemons that listen on TCP ports 8000 and 8001 by default and is also described by CWE-121 and CWE-787.

An unauthenticated remote attacker can open a socket to either daemon, supply an oversized parameter, and trigger the overflow to execute arbitrary code. Successful exploitation yields a remote shell with full system access, which matches the CVSS 9.8 vector: network-reachable, low attack complexity, no privileges or user interaction required, and total confidentiality, integrity, and availability impact.
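As an added illustration, not code from the advisory or from Grandstream's firmware, the unbounded sscanf pattern the analysis describes beside a bounded version that measures the token and caps the conversion width; the buffer size, the `param=` line format and the sample requests are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of the fixed stack buffer the daemon parses the parameter into
 * (constructed; the real firmware's buffer size is not on the page). */
#define PARAM_MAX 64

/* Vulnerable pattern (CWE-121 / CWE-787): a bare "%s" carries no field width,
 * so sscanf keeps writing for as long as the token lasts, past the end of
 * `out` once a client sends more than PARAM_MAX-1 bytes. Shown for contrast
 * only; it is never called on oversized input here. */
int parse_param_unbounded(const char *line, char out[PARAM_MAX]) {
    return sscanf(line, "param=%s", out) == 1 ? 0 : -1;
}

/* Hardened form: measure the token before parsing and build the format with
 * an explicit width, so sscanf cannot exceed `out` even if the pre-check is
 * later refactored away. Returns 0 on success, -1 for a malformed line and
 * -2 when the value would not fit. */
int parse_param_bounded(const char *line, char *out, size_t outlen) {
    const char *prefix = "param=";
    char fmt[16];
    if (outlen < 2 || strncmp(line, prefix, strlen(prefix)) != 0)
        return -1;
    const char *value = line + strlen(prefix);
    size_t vlen = strcspn(value, " \t\r\n");     /* bytes "%s" would consume */
    if (vlen == 0)
        return -1;
    if (vlen >= outlen)
        return -2;                  /* refuse rather than overflow or truncate */
    snprintf(fmt, sizeof fmt, "%%%zus", outlen - 1); /* "%63s" for a 64-byte buffer */
    return sscanf(value, fmt, out) == 1 ? 0 : -1;
}

/* Constructed inputs: a normal request and a ~250-byte value of the kind the
 * advisory describes. */
int demo_normal_accepted(void) {
    char out[PARAM_MAX];
    if (parse_param_bounded("param=admin\r\n", out, sizeof out) != 0)
        return -1;
    return strcmp(out, "admin");    /* 0: parsed intact */
}

int demo_oversized_rejected(void) {
    char big[256], out[PARAM_MAX];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, "param=", 6);
    return parse_param_bounded(big, out, sizeof out); /* -2: refused, out untouched */
}
```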

Public advisories from INCIBE-CERT describe the buffer overflow conditions in the affected Grandstream device. The associated EPSS score has remained flat at 0.0944 with no material rise after disclosure.


Vulnerability details

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.


Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Grandstream GDS3710 firmware, version 1.0.11.13

Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-787: out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by memory protections that mark stack memory non-executable.
