CVE-2022-2070

Grandstream GSD3710 Stack-based Buffer Overflow

CVSS 9.8 CRITICALEPSS 4.3%CWE-121

Vexday Risk Score

48Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 4.3%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

23 Sep 2022Published on NVD

25 May 2025Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Grandstream · Grandstream GSD3710

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/52303unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710