CVE-2022-2025

Grandstream GSD3710 Stack-based Buffer Overflow

CVSS 9.8 CRITICALEPSS 4.0%CWE-121

Vexday Risk Score

48Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 4.0%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

23 Sep 2022Published on NVD

05 Jun 2025Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Grandstream · Grandstream GSD3710

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/52313unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710