CVE-2022-2070

Name: CVE-2022-2070
Creator: NVD / NIST
Published: 2022-09-23T16:15:10.653+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 4.30%

Last modified Jun 17, 2026

CVE-2022-2070 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. EPSS estimates a 4.30% chance of exploitation in the next 30 days.

Description

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

4.30%

89.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Grandstream	Gds3710 Firmware	1.0.11.13

References

https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710Third Party Advisory
https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710Third Party Advisory

Timeline

Published: Sep 23, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-2070?

How severe is CVE-2022-2070?

CVE-2022-2070 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 4.30% probability of exploitation in the next 30 days.

How do I fix CVE-2022-2070?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-2070?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST