CVE-2022-2070 CRITICAL

CVE-2022-2070: Grandstream GSD3710 Stack-based Buffer Overflow

Vendor Grandstream
Product Grandstream GSD3710
Weakness CWE-121
Published September 23, 2022
Last update May 22, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.

Key dates

02Disclosure timeline

September 23, 2022 CVE published
May 22, 2025 Record updated