The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4.
References
Link | Resource |
---|---|
https://drive.google.com/drive/folders/1cKd8hksThK610GPtBQ3du8DEkwKywlAi?usp=sharing | Exploit |
https://pastebin.com/raw/irWcawp8 | Third Party Advisory |
https://samuraisecurity.co.uk/red-teaming-0x01-click-rce-via-voip-usb/ | Exploit Technical Description Third Party Advisory |
https://www.magicjack.com/ | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-28T00:00:00
Updated: 2023-05-12T00:00:00
Reserved: 2023-04-07T00:00:00
Link: CVE-2023-30024
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-28T13:15:13.920
Modified: 2023-05-12T12:15:09.623
Link: CVE-2023-30024
JSON object: View
Redhat Information
No data.
CWE