CVE-2022-2070
Published: 23 September 2022
Summary
CVE-2022-2070 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Grandstream Gds3710 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 7.0% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability CVE-2022-2070 is a stack-based buffer overflow present in Grandstream GSD3710 firmware version 1.0.11.13. It stems from missing length checks on parameters passed to sscanf, allowing an out-of-bounds write. The flaw resides in the dbmng and logsrv daemons that listen on TCP ports 8000 and 8001 by default and is also described by CWE-121 and CWE-787.
An unauthenticated remote attacker can open a socket to either daemon, supply an oversized parameter, and trigger the overflow to execute arbitrary code. Successful exploitation yields a remote shell with full system access, consistent with the CVSS 9.8 rating, which reflects a network-reachable, low-complexity attack with total confidentiality, integrity, and availability impact.
Public advisories from INCIBE-CERT describe the buffer overflow conditions in the affected Grandstream device. The associated EPSS score has remained flat at 0.0944 with no material rise after disclosure.
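The defect class described above, as an added example that is not code from the advisory, from INCIBE-CERT, or from the Grandstream firmware: an sscanf conversion that writes a caller-supplied parameter into a fixed stack buffer with no width is the CWE-121 pattern, and the hardened parser below checks the length of each piece before the conversion and bounds every conversion inside it. The key=value line format, the 64-byte buffer size, and the function and result names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed size of the on-stack buffers the daemon parses into.
 * PARAM_WIDTH must stay equal to PARAM_MAX - 1 so each conversion leaves
 * room for the terminating NUL. */
#define PARAM_MAX   64
#define PARAM_WIDTH "63"

enum parse_result { PARSE_OK = 0, PARSE_MALFORMED = 1, PARSE_TOO_LONG = 2 };

/*
 * The vulnerable pattern (kept as a comment only, never compiled):
 *
 *     char value[PARAM_MAX];
 *     sscanf(line, "%*[^=]=%s", value);   // "%s" has no width: a parameter
 *                                         // longer than PARAM_MAX is written
 *                                         // straight past the end of the
 *                                         // stack buffer (CWE-121 / CWE-787)
 */

/* Hardened parser: explicit length checks before the conversion, and a
 * width on every conversion as defence in depth. key and value must each
 * point at PARAM_MAX bytes. */
enum parse_result parse_key_value(const char *line, char *key, char *value)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL)
        return PARSE_MALFORMED;

    /* Reject over-long pieces before anything touches the stack buffers. */
    if ((size_t)(eq - line) >= PARAM_MAX)
        return PARSE_TOO_LONG;
    if (strlen(eq + 1) >= PARAM_MAX)
        return PARSE_TOO_LONG;

    /* Each conversion is capped at PARAM_WIDTH characters, so even if the
     * checks above were ever weakened the write could not overflow. */
    if (sscanf(line, "%" PARAM_WIDTH "[^=]=%" PARAM_WIDTH "s", key, value) != 2)
        return PARSE_MALFORMED;

    return PARSE_OK;
}

/* Stand-alone demonstration on constructed input: one benign line and one
 * whose parameter is far longer than the destination buffer. */
int main(void)
{
    char key[PARAM_MAX], value[PARAM_MAX];
    char oversized[256];

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    memcpy(oversized, "port=", 5);        /* "port=AAAA...A" (constructed) */

    printf("benign line:    result %d\n", parse_key_value("port=8000", key, value));
    printf("oversized line: result %d\n", parse_key_value(oversized, key, value));
    return 0;
}
```

The up-front length checks are what actually close the hole; the width specifiers are a second line of defence so that the bound lives next to the write rather than only in a check that a later refactor might remove. Input that is rejected should be logged and the connection dropped, since an oversized parameter on a daemon port is itself a useful detection signal.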
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-34362
Vulnerability details
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.