Re: Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root (David Jorm

Posted by Seamus Caveney on Jul 11

There is another similar issue affecting GXP color phones (GXP2130, 2140, 2160) reported to Grandstream that was fixed
in 1.0.4.22. From the main shell there is a bluetooth test mode you can enter by typing ‘bttest’. From inside this
subshell there is no shell sanitization and you can escape using normal techniques.

Grandstream GXP2130 Command Shell Copyright 2014
GXP2130> bttest
BTTEST> ;id
uid=0(root) gid=0(root)…

Leave a Reply