← back
CVE-2023-30024

CVE-2023-30024

EPSS 0.5%CWE-863
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Apr 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://drive.google.com/drive/folders/1cKd8hksThK610GPtBQ3du8DEkwKywlAi?usp=sharinghttps://pastebin.com/raw/irWcawp8https://samuraisecurity.co.uk/red-teaming-0x01-click-rce-via-voip-usb/https://www.magicjack.com/