Multiple Remote Code Execution Vulnerabilities Found in Grandstream Devices
Multiple security vulnerabilities found in Grandstream devices’ web interfaces include remote code execution and user credentials stored in plaintext.
Hintergrund
According to Threatpost, a number of Grandstream telephony and networking devices contain multiple vulnerabilities which could lead to remote code execution (RCE) attacks. Compromised devices would also allow an attacker to install malware, enable video/audio recording, and read all of the locally stored credentials which the devices store in plaintext.
Analyse
In Trustwave SpiderLabs' original advisory, the different RCE vulnerabilities are explained in detail, including proof-of-concept examples. An attacker could send malicious HTTP requests to the web interface on these devices to take control of them, eavesdrop through audio/video capabilities, and implant malware that the SpiderLabs researchers believe could be used to launch cross-site request forgery (CSRF) attacks.
The list of affected devices and associated firmware can be found below:
Pre-authentication RCE:
- GAC2500 -- F/W version: 1.0.3.30
- GVC3202 -- F/W version: 1.0.3.51
- GXP2200 -- F/W version: 1.0.3.27 (end of life product)
- GXV3275 -- F/W version: 1.0.3.210
- GXV3240 -- F/W version: 1.0.3.210
Post-Authentication RCE:
- GXV3611IR_HD -- F/W version: 1.0.3.21
- UCM6204 – F/W version: 1.0.18.12
- GXV3370 -- F/W version: 1.0.1.33
- WP820 -- F/W version: 1.0.1.15
- GWN7000 -- F/W version: 1.0.4.12
- GWN7610 -- F/W version: 1.0.8.9
Lösung
Upgrading to the latest firmware version for affected devices reportedly fixes these vulnerabilities. However, SpiderLabs researchers report that the patch for the GAC2500 is insufficient, and that it is possible other devices may still be vulnerable. Disabling the web interface, which is enabled by default, should also mitigate these vulnerabilities.
Identifizieren betroffener Systeme
A list of Nessus plugins to identify these vulnerabilities will appear here as they’re released.
Weitere Informationen
Verfolgen Sie die Beiträge des Security Response Team von Tenable in der Tenable Community.
Erfahren Sie mehr über Tenable, die erste Cyber Exposure-Plattform für die ganzheitliche Verwaltung Ihrer modernen Angriffsoberfläche.
Get a free 60-day trial of Tenable.io Vulnerability Management.
Verwandte Artikel
- Threat Intelligence
- Threat Management
- Vulnerability Management
- Vulnerability Scanning