automatic module_metadata_base.json update

msjenkins-r7 · msjenkins-r7 · commit 4130c61a1489 · 2022-02-08T12:48:04.000-06:00
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -60575,11 +60575,11 @@
     "session_types": false,
     "needs_cleanup": null
   },
-  "exploit_linux/http/grandstream_gxv3175_settimezone_unauth_cmd_exec": {
-    "name": "Grandstream GXV3175 'settimezone' Unauthenticated Command Execution",
-    "fullname": "exploit/linux/http/grandstream_gxv3175_settimezone_unauth_cmd_exec",
+  "exploit_linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec": {
+    "name": "Grandstream GXV31XX 'settimezone' Unauthenticated Command Execution",
+    "fullname": "exploit/linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec",
     "aliases": [
-
+      "exploit/linux/http/grandstream_gxv3175_settimezone_unauth_cmd_exec"
     ],
     "rank": 500,
     "disclosure_date": "2016-09-01",
@@ -60589,14 +60589,14 @@
       "Brendan Scarvell",
       "bcoles <bcoles@gmail.com>"
     ],
-    "description": "This module exploits a command injection vulnerability in Grandstream GXV3175\n          IP multimedia phones. The 'settimezone' action does not validate input in the\n          'timezone' parameter allowing injection of arbitrary commands.\n\n          A buffer overflow in the 'phonecookie' cookie parsing allows authentication\n          to be bypassed by providing an alphanumeric cookie 93 characters in length.\n\n          This module was tested successfully on Grandstream GXV3175v2\n          hardware revision V2.6A with firmware version 1.0.1.19.",
+    "description": "This module exploits a command injection vulnerability in Grandstream GXV31XX\n          IP multimedia phones. The 'settimezone' action does not validate input in the\n          'timezone' parameter allowing injection of arbitrary commands.\n\n          A buffer overflow in the 'phonecookie' cookie parsing allows authentication\n          to be bypassed by providing an alphanumeric cookie 93 characters in length.\n\n          This module was tested successfully on Grandstream models:\n          GXV3175v2 hardware revision V2.6A with firmware version 1.0.1.19; and\n          GXV3140 hardware revision V0.4B with firmware version 1.0.1.27.",
     "references": [
       "CVE-2019-10655",
       "URL-https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920",
       "URL-https://github.com/dirtyfilthy/gxv3175-remote-code-exec/blob/master/modules/exploits/linux/http/grandstream_gxv3175_cmd_exec.rb"
     ],
-    "platform": "Linux",
-    "arch": "armle",
+    "platform": "Linux,Unix",
+    "arch": "",
     "rport": 80,
     "autofilter_ports": [
       80,
@@ -60614,12 +60614,13 @@
       "https"
     ],
     "targets": [
-      "Automatic"
+      "Linux (cmd)",
+      "Linux (ARMLE)"
     ],
-    "mod_time": "2022-01-19 00:04:15 +0000",
-    "path": "/modules/exploits/linux/http/grandstream_gxv3175_settimezone_unauth_cmd_exec.rb",
+    "mod_time": "2022-01-29 19:38:57 +0000",
+    "path": "/modules/exploits/linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec.rb",
     "is_install_path": true,
-    "ref_name": "linux/http/grandstream_gxv3175_settimezone_unauth_cmd_exec",
+    "ref_name": "linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec",
     "check": true,
     "post_auth": false,
     "default_credential": false,
