← volver
CVE-2023-30024

CVE-2023-30024

EPSS 0.5%CWE-863
The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://drive.google.com/drive/folders/1cKd8hksThK610GPtBQ3du8DEkwKywlAi?usp=sharinghttps://pastebin.com/raw/irWcawp8https://samuraisecurity.co.uk/red-teaming-0x01-click-rce-via-voip-usb/https://www.magicjack.com/