CVE-2022-2025
Published 2022-09-23
CVE-2022-2025: an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length…
Priority: P266, critical, 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 4.01% (89.3th percentile)
An attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version could overflow the stack, since it doesn't check the param length before using the strcopy instruction. The exploitation of this vulnerability may lead an attacker to execute a shell with full access.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| grandstream | gds3710_firmware | — | — |
| grandstream | grandstream_gsd3710 | — | — |
| linux | linux_kernel | >= 0 < 4.15.0-246.258 | 4.15.0-246.258 |
| msrc | cbl2_kernel_5.15.182.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_unbound_1.16.3-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_unbound_1.10.0-5_on_cbl_mariner_1.0 | — | — |
Detection & IOCs (extracted from sources)
- Monitor SSH (port 22) login attempts to Grandstream GSD3710 devices followed immediately by shell command execution — the exploit authenticates via SSH then sends an oversized 'ping' command payload (320+ bytes of padding) to trigger the stack overflow.
- Detect SSH sessions to GSD3710 devices where a single command line exceeds ~320 bytes, particularly commands beginning with 'ping ' followed by a large buffer — this is the exact exploit trigger pattern.
- Alert on post-exploitation 'id' command execution immediately after an oversized ping command on GSD3710 SSH sessions; the exploit checks for 'root' in the response to confirm shell access.
- Flag repeated SSH connection attempts (brute-loop) to the same GSD3710 device — the exploit loops incrementing a counter until ROP chain succeeds, producing an unusual pattern of rapid SSH reconnections.
- The exploit requires valid credentials (username + password) for the target device before the stack overflow can be triggered — this is an authenticated vulnerability, so credential hygiene and SSH access restrictions are critical mitigating controls.
- The ROP chain uses a hardcoded libc base address (0x76bb8000), meaning the exploit is only reliable against firmware 1.0.11.13 and lower with no ASLR; different firmware versions or ASLR-enabled builds would require a different chain.
- The exploit checks for and aborts on bad characters (0x0d, 0x0a, 0x3b, 0x7c, 0x20) in the payload — payloads containing these bytes will not be sent, which may affect signature-based detection relying on those characters.
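CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 5.5 | MEDIUM | — |
| vendor_msrc | — | 7.8 | HIGH | — |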
OSV
linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle vulnerabilities
osv·2026-01-29·CVSS 5.5
CVE-2022-48986 linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- NVME drivers;
- File systems infrastructure;
- Timer subsystem;
- Memory management;
- Packet sockets;
(CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195,
CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)
GHSA
GHSA-3qjj-8gwh-qxvc: an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1
ghsa_unreviewed·2022-09-25
CVE-2022-2025 [CRITICAL] CWE-787 GHSA-3qjj-8gwh-qxvc: an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1
An attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version could overflow the stack, since it doesn't check the param length before using the strcopy instruction. The exploitation of this vulnerability may lead an attacker to execute a shell with full access.
Microsoft
scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
vendor_msrc·2025-02-11·CVSS 7.8
CVE-2022-49535 [HIGH] CWE-416 scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Linux: Linux
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Microsoft
NRDelegation Attack
vendor_msrc·2022-09-13·CVSS 7.5
CVE-2022-3204 [HIGH] CWE-400 NRDelegation Attack
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
NLnet Labs: NLnet Labs
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure
No detection rules found.
Checkpoint
31st October – Threat Intelligence Report
blogs_checkpoint·2022-10-31
CVE-2022-3723 31st October – Threat Intelligence Report
## 31st October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 31st October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
US-based communications company Twilio has disclosed a new data breach that occurred in June 2022, allegedly by the same threat actors behind the August hack. The hackers used voice phishing to trick a Twilio employee into handing over their credentials, which the hackers then used to access customer information.
Cu
Checkpoint
10th October – Threat Intelligence Report
blogs_checkpoint·2022-10-10
CVE-2022-41352 10th October – Threat Intelligence Report
## 10th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 10th October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
CommonSpirit Health, the second-largest nonprofit hospital chain in the U.S with 140 hospitals and over 1,000 facilities in 21 states, suffered a cybersecurity incident that disrupted medical services across the country. Facilities in Iowa, Nebraska, Tennessee and Washington were among those affected. The nature of the at
Checkpoint
28th June – Threat Intelligence Report
blogs_checkpoint·2021-06-28
CVE-2021-21998 28th June – Threat Intelligence Report
## 28th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 28th June, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Russian-based threat group Nobelium is using password spraying and brute force attacks to gain access to corporate networks. The group, which was behind the SolarWinds supply-chain attack, deployed an information-stealing Trojan on a Microsoft customer support agent’s computer to steal information. Over half of the targets were
Wiz
CVE-2022-50689 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2022-50689 [MEDIUM] CVE-2022-50689 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2022-50689:
Homebrew vulnerability analysis and mitigation
Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration.
Source: NVD
## 6.9
Score
Published December 22, 2025
Severity MEDIUM
CNA Score 6.9
Affected Technologies
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
reflector
Sources
NVD
Homebrew Severity MEDIUM No Fix Added at: Jan 01, 2026
Wiz
CVE-2022-50750 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
CVE-2022-50750 CVE-2022-50750 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2022-50750:
Linux Kernel vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
In case mipi_dsi_attach() fails, call drm_panel_remove() to
avoid memory leak.
Source: NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Kernel
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
kernel-devel-matched
kernel-rt-64k-debug
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Dec 26, 2025
Echo Has Fix Added at: Dec 26, 2025
Red Hat 8 Severity LOW Has Fix Adde
Wiz
CVE-2022-50830 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
CVE-2022-50830 CVE-2022-50830 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2022-50830:
Linux Kernel vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
auxdisplay: hd44780: Fix potential memory leak in hd44780_remove()
hd44780_probe() allocates a memory chunk for hd with kzalloc() and
makes "lcd->drvdata->hd44780" point to it. When we call hd44780_remove(),
we should release all relevant memory and resource. But "lcd->drvdata
->hd44780" is not released, which will lead to a memory leak.
We should release the "lcd->drvdata->hd44780" in hd44780_remove() to fix
the memory leak bug.
Source: NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Kernel
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation P