CVE-2023-30024

The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
magicjacka921_firmware
1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://drive.google.com/drive/folders/1cKd8hksThK610GPtBQ3du8DEkwKywlAi?usp=sharing
https://pastebin.com/raw/irWcawp8
https://samuraisecurity.co.uk/red-teaming-0x01-click-rce-via-voip-usb/
https://www.magicjack.com/
https://drive.google.com/drive/folders/1cKd8hksThK610GPtBQ3du8DEkwKywlAi?usp=sharing
https://pastebin.com/raw/irWcawp8
https://samuraisecurity.co.uk/red-teaming-0x01-click-rce-via-voip-usb/
https://www.magicjack.com/