CVE-2022-2025 CRITICAL

CVE-2022-2025: Grandstream GSD3710 Stack-based Buffer Overflow

Vendor Grandstream
Product Grandstream GSD3710
Weakness CWE-121
Published September 23, 2022
Last update May 22, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.

Key dates

02Disclosure timeline

September 23, 2022 CVE published
May 22, 2025 Record updated