Grandstream Phone Vulnerability Security Issue Remote Backdoor Connection to 207.246.119.209:3478

Have you checked your router/firewall logs and disconcertingly see connections to an unknown IP 207.246.119.209:3478 from your Grandstream VOIP phones?

You're not alone and the Grandstream forums have discussed this issue.

However, even their own staff do not seem to be aware or are not disclosing what this connection is.

It is Grandstream's GDMS.cloud UCM Remote connect feature

This is the establishment to the STUN server and you can find their list of servers/info here.

It allows you to remotely provision and manage your devices and is enabled by default at least on later/newer firmware versions.  While this is a great feature and helpful for provisioning, it is still concerning since there is no obvious warning or disclosure on this when purchasing the phone.  It represents a huge tradeoff of security/privacy vs convenience.

The concern is that Grandstream, the government and hackers could potentially compromise your phone, your calls and even your network is it is essentially a back door to your network despite being on a protected LAN and firewall.  Others share the same concern here: https://www.voip-info.org/forum/threads/grandstream-backdoor.24096/

 

How To Disable The Remote 3478 Connection

Under "Advanced Settings" -> Enable TR-069 disable it by setting to to "No" and then click "Apply".

 

Manual Edit Cannot Disable

You can remove the P8209 entry or make it null or change it, and upload the config file, but the firmware seems to just default back and re-enable the STUN server.  The only solution is to block any DNS lookups to that host and block all traffic to that UDP port.


Tags:

grandstream, vulnerability, backdoor, router, firewall, logs, disconcertingly, connections, ip, voip, forums, disclosing, gdms, ucm, feature, establishment, stun, server, servers, info, allows, remotely, provision, devices, enabled, default, newer, firmware, versions, concerning, disclosure, purchasing, disabled, admin, config, entry, null, upload, enable, dns, lookups, udp,

Latest Articles

  • iptables NAT how to enable PPTP in newer Debian/Ubuntu/Mint Kernels Linux
  • Grandstream Phone Vulnerability Security Issue Remote Backdoor Connection to 207.246.119.209:3478
  • Linux How to Check Which NIC is Onboard eth0 or eth1 Ubuntu Centos Debian Mint
  • VboxManage VirtualBox NAT Network Issues Managment Troubleshooting
  • Dell PowerEdge Server iDRAC Remote KVM/IP Default Username, Password Reset and Login Information Solution
  • Nvidia Tesla GPUs K40/K80/M40/P40/P100/V100 at home/desktop hacking, cooling, powering, cable solutions Tutorial AIO Solutions
  • Stop ls in Linux Debian Mint CentOS Ubuntu from applying quotes around filenames and directory names
  • Thunderbird Attachment Download Error Corrupt Wrong filesize of 29 or 27 bytes Solution
  • Generic IP Camera LAN Default IP Settings DVR
  • Ubuntu Debian Mint Linux How To Update Initramfs Manually update-initramfs
  • Enable Turbo Mode for CPU Ubuntu Linux Mint Debian Redhat
  • docker / kubernetes breaks Proxmox QEMU KVM Bridge VMs
  • How To Change Storage Location in Docker.io
  • RTL8812BU and RTL8822BU Linux Driver Ubuntu Setup Archer T3U Plus
  • Kazam video blank/high size and not working when recording solution
  • Cisco UC CME How To Enable Licensed Features
  • from pip._internal.cli.main import main File "/usr/local/lib/python3.5/dist-packages/pip/_internal/cli/main.py", line 60 sys.stderr.write(f"ERROR: {exc}") from pip._internal.cli.main import main File "/usr/local/lib/python3.5/dist-packag
  • ModuleNotFoundError: No module named 'pip._internal' solution python
  • grub blank screen how to manually boot kernel and initrd Linux Ubuntu Debian Centos won't boot solution
  • Cisco Switch / Router How To Restore Factory Default Settings