Multiple Remote Code Execution Vulnerabilities Found in Grandstream Devices
Multiple security vulnerabilities found in Grandstream devices’ web interfaces include remote code execution and user credentials stored in plaintext.
背景
According to Threatpost, a number of Grandstream telephony and networking devices contain multiple vulnerabilities which could lead to remote code execution (RCE) attacks. Compromised devices would also allow an attacker to install malware, enable video/audio recording, and read all of the locally stored credentials which the devices store in plaintext.
分析
In Trustwave SpiderLabs' original advisory, the different RCE vulnerabilities are explained in detail, including proof-of-concept examples. An attacker could send malicious HTTP requests to the web interface on these devices to take control of them, eavesdrop through audio/video capabilities, and implant malware that the SpiderLabs researchers believe could be used to launch cross-site request forgery (CSRF) attacks.
The list of affected devices and associated firmware can be found below:
Pre-authentication RCE:
- GAC2500 -- F/W version: 1.0.3.30%
- GVC3202 -- F/W version: 1.0.3.51%
- GXP2200 -- F/W version: 1.0.3.27 (end of life product)
- GXV3275 -- F/W version: 1.0.3.210%
- GXV3240 -- F/W version: 1.0.3.210%
Post-Authentication RCE:
- GXV3611IR_HD -- F/W version: 1.0.3.21%
- UCM6204 – F/W version: 1.0.18.12%
- GXV3370 -- F/W version: 1.0.1.33%
- WP820 -- F/W version: 1.0.1.15%
- GWN7000 -- F/W version: 1.0.4.12%
- GWN7610 -- F/W version: 1.0.8.9%
解决方案
Upgrading to the latest firmware version for affected devices reportedly fixes these vulnerabilities. However, SpiderLabs researchers report that the patch for the GAC2500 is insufficient, and that it is possible other devices may still be vulnerable. Disabling the web interface, which is enabled by default, should also mitigate these vulnerabilities.
识别受影响的系统
A list of Nessus plugins to identify these vulnerabilities will appear here as they’re released.
获取更多信息
加入 Tenable Community 中的 Tenable 安全响应团队
了解有关 Tenable 这款首创 Cyber Exposure 平台的更多信息,全面管理现代攻击面。
Get a free 60-day trial of Tenable.io Vulnerability Management.
Ryan Seguin
Security Response Manager
Ryan joined Tenable in 2013 as a customer support engineer assisting customers with technical troubleshooting and product education. After that, he helped create dashboard and report templates for SecurityCenter that users can download through the Tenable.sc feed. Now Ryan is a member of the Security Response team, informing customers of the latest security threats, and providing in-depth analytics for today’s most critical vulnerabilities.
Interests outside of work: Ryan is a retro video game console/arcade hardware enthusiast and modder, and he is also studying Japanese and hopes to one day be fluent.
相关文章
Volt Typhoon: What State and Local Government Officials Need to Know
Increased activity from the state-sponsored threat group Volt Typhoon raises concerns about the cybersecurity of U.S. critical infrastructure. Here’s how you can identify potential exposures and attack paths....
Cybersecurity Snapshot: Guide Unpacks Event-Logging Best Practices, as FAA Proposes Stronger Cyber Rules for Airplanes
Looking to sharpen your team’s event logging and threat detection? A new guide offers plenty of best practices. Plus, the FAA wants airplanes to be more resilient to cyberattacks. Meanwhile, check out the critical vulnerabilities Tenable discovered in two Microsoft AI products. And get the latest on...
Detecting Risky Third-party Drivers on Windows Assets
Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers....
- Threat Intelligence
- Threat Management
- Vulnerability Management
- Vulnerability Scanning