Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root

Posted by David Jorm on Jul 07

The Grandstream GXV3275 is an Android-based VoIP phone. Several
vulnerabilities were found affecting this device.

* The device ships with a default root SSH key, which could be used as a
backdoor:

/system/root/.ssh # cat authorized_keys
Public key portion is:
ssh-rsa…
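
An added example, not part of the original advisory or any vendor code: one way to audit an unpacked firmware image for pre-installed authorized_keys entries such as the one above, reporting each key's SHA256 fingerprint in the form `ssh-keygen -l` prints. The sample tree, key blob and key comment are constructed for illustration; `audit_tree`, `parse_authorized_keys` and `build_sample_tree` are hypothetical names.

```python
import base64
import hashlib
import os
import struct
import tempfile

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def parse_authorized_keys(text):
    """Yield (key_type, sha256_fingerprint, comment) for each usable key line."""
    for line in text.splitlines():
        fields = [] if line.lstrip().startswith("#") else line.split()
        # A key line may start with an options field; locate the key type.
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPES)), None)
        if idx is None or idx + 1 >= len(fields):
            continue  # blank, comment, banner text, or key type with no blob
        try:
            blob = base64.b64decode(fields[idx + 1], validate=True)
        except ValueError:
            continue  # truncated or corrupt key material
        digest = hashlib.sha256(blob).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        yield fields[idx], fp, " ".join(fields[idx + 2:])

def audit_tree(root):
    """Walk an extracted firmware tree; list every key that grants SSH login."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name not in ("authorized_keys", "authorized_keys2"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for entry in parse_authorized_keys(fh.read()):
                    findings.append((os.path.relpath(path, root),) + entry)
    return findings

def build_sample_tree(root):
    """Constructed sample: a fake RSA blob at the path shown in the advisory."""
    blob = (struct.pack(">I", 7) + b"ssh-rsa" + struct.pack(">I", 3) + b"\x01\x00\x01"
            + struct.pack(">I", 9) + b"\x00" + b"\xab" * 8)
    key_dir = os.path.join(root, "system", "root", ".ssh")
    os.makedirs(key_dir)
    with open(os.path.join(key_dir, "authorized_keys"), "w") as fh:
        fh.write("Public key portion is:\n")
        fh.write("ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example\n")
    return blob

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_tree(tmp):
            print(*finding)
```

Any fingerprint found in a root account's file that the device owner did not install is a standing login credential and should be removed or replaced before deployment.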
