← voltar
CVE-2023-30024

CVE-2023-30024

EPSS 0.5%CWE-863
The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://drive.google.com/drive/folders/1cKd8hksThK610GPtBQ3du8DEkwKywlAi?usp=sharinghttps://pastebin.com/raw/irWcawp8https://samuraisecurity.co.uk/red-teaming-0x01-click-rce-via-voip-usb/https://www.magicjack.com/