Multiple Remote Code Execution Vulnerabilities Found in Grandstream Devices
Multiple security vulnerabilities found in Grandstream devices’ web interfaces include remote code execution and user credentials stored in plaintext.
Background
According to Threatpost, a number of Grandstream telephony and networking devices contain multiple vulnerabilities which could lead to remote code execution (RCE) attacks. Compromised devices would also allow an attacker to install malware, enable video/audio recording, and read all of the locally stored credentials which the devices store in plaintext.
التحليل
In Trustwave SpiderLabs' original advisory, the different RCE vulnerabilities are explained in detail, including proof-of-concept examples. An attacker could send malicious HTTP requests to the web interface on these devices to take control of them, eavesdrop through audio/video capabilities, and implant malware that the SpiderLabs researchers believe could be used to launch cross-site request forgery (CSRF) attacks.
The list of affected devices and associated firmware can be found below:
Pre-authentication RCE:
- GAC2500 -- F/W version: 1.0.3.30
- GVC3202 -- F/W version: 1.0.3.51
- GXP2200 -- F/W version: 1.0.3.27 (end of life product)
- GXV3275 -- F/W version: 1.0.3.210
- GXV3240 -- F/W version: 1.0.3.210
Post-Authentication RCE:
- GXV3611IR_HD -- F/W version: 1.0.3.21
- UCM6204 – F/W version: 1.0.18.12
- GXV3370 -- F/W version: 1.0.1.33
- WP820 -- F/W version: 1.0.1.15
- GWN7000 -- F/W version: 1.0.4.12
- GWN7610 -- F/W version: 1.0.8.9
Solution
Upgrading to the latest firmware version for affected devices reportedly fixes these vulnerabilities. However, SpiderLabs researchers report that the patch for the GAC2500 is insufficient, and that it is possible other devices may still be vulnerable. Disabling the web interface, which is enabled by default, should also mitigate these vulnerabilities.
Identifying affected systems
A list of Nessus plugins to identify these vulnerabilities will appear here as they’re released.
الحصول على مزيد من المعلومات
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.
Get a free 60-day trial of Tenable.io Vulnerability Management.
مقالات ذات صلة
Cybersecurity Snapshot: Guide Unpacks Event-Logging Best Practices, as FAA Proposes Stronger Cyber Rules for Airplanes
August 23, 2024Looking to sharpen your team’s event logging and threat detection? A new guide offers plenty of best practices. Plus, the FAA wants airplanes to be more resilient to cyberattacks. Meanwhile, check out the critical vulnerabilities Tenable discovered in two Microsoft AI products. And get the latest on ransomware trends, vulnerability management practices and election security!
Detecting Risky Third-party Drivers on Windows Assets
August 7, 2024Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers.
Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach
August 6, 2024As AI transforms industries, security remains critical. Discover the importance of a security-first approach in AI development, the risks of open-source tools, and how Tenable's solutions can help protect your systems.
Cybersecurity Snapshot: Guide Unpacks Event-Logging Best Practices, as FAA Proposes Stronger Cyber Rules for Airplanes
August 23, 2024Looking to sharpen your team’s event logging and threat detection? A new guide offers plenty of best practices. Plus, the FAA wants airplanes to be more resilient to cyberattacks. Meanwhile, check out the critical vulnerabilities Tenable discovered in two Microsoft AI products. And get the latest on ransomware trends, vulnerability management practices and election security!
SSRFing the Web with the Help of Copilot Studio
August 20, 2024Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact.
Cybersecurity Snapshot: First Quantum-resistant Algorithms Ready for Use, While New AI Risks’ Database Is Unveiled
August 16, 2024NIST has released the first encryption algorithms that can protect data against quantum attacks. Plus, MIT launched a new database of AI risks. Meanwhile, the CSA published a paper outlining the unique risks involved in building systems that use LLMs. And get the latest on Q2’s most prevalent malware, the Radar/Dispossessor ransomware gang and CVE severity assessments!
- Threat Intelligence
- Threat Management
- Vulnerability Management
- Vulnerability Scanning