Grandstream GXV3175 Unauthenticated Command Execution

Posted by deepcore on January 21, 2022 – 11:21 am

This Metasploit module exploits a command injection vulnerability in Grandstream GXV3175 IP multimedia phones. The settimezone action does not validate input in the timezone parameter allowing injection of arbitrary commands. A buffer overflow in the phonecookie cookie parsing allows authentication to be bypassed by providing an alphanumeric cookie 93 characters in length. This module was tested successfully on Grandstream GXV3175v2 hardware revision V2.6A with firmware version 1.0.1.19.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Grandstream GXV3175 Unauthenticated Command Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL