Threat Encyclopedia
Grandstream.Devices.Invalid.Phonecookie.Command.Injection
Description
This indicates an attack attempt to exploit a Command Execution vulnerability in multiple Grandstream devices.
The vulnerability is caused by an error when the vulnerable software handles a malicious HTTP request. A remote attacker may be able to exploit this to execute arbitrary code on vulnerable systems.
Affected Products
Grandstream GAC2500 1.0.3.35
Grandstream GXP2200 1.0.3.27
Grandstream GVC3202 1.0.3.51
Grandstream GXV3275 before 1.0.3.219 Beta
Grandstream GXV3240 before 1.0.3.219 Beta
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://www.grandstream.com/