Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.
Published 2019-03-30 17:29:00
Updated 2022-04-18 18:12:34
Source MITRE
Vulnerability category: Overflow, Cross-site request forgery (CSRF), Execute code

Products affected by CVE-2019-10655

Exploit prediction scoring system (EPSS) score for CVE-2019-10655

90.25%: Probability of exploitation activity in the next 30 days
~99%: Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2019-10655

  • Grandstream GXV31XX 'settimezone' Unauthenticated Command Execution
    Disclosure Date: 2016-09-01
    First seen: 2022-12-23
    exploit/linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec
    This module exploits a command injection vulnerability in Grandstream GXV31XX IP multimedia phones. The 'settimezone' action does not validate input in the 'timezone' parameter allowing injection of arbitrary commands. A buffer overflow in the 'phonecookie'

CVSS scores for CVE-2019-10655

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
| 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |

CWE ids for CVE-2019-10655

References for CVE-2019-10655
