# Vendor: MagicJack # Product: magicJack A921 USB Phone Jack # Version: Rev 3.0 V1.4 # Vulnerability: Insecure permissions # Description: The MagicJack device is a VoIP (Voice over Internet Protocol) device that allows users to make phone calls over the internet. The device contains a hidden partition on the NAND flash memory that allows unauthorized read and write access. An attacker with access to this partition can create a malicious version of the MagicJack software and write it to the hidden partition, where it is indistinguishable from the original software stored in a separate, non-writable partition. This enables the attacker to trick users into executing the malicious software, which then deploys ransomware on the host computer. This vulnerability allows the attacker to gain unauthorized access to the system and compromise sensitive data or cause significant disruption to business operations. MagicJack devices with firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4 are affected. # References: https://www.magicjack.com/ https://drive.google.com/drive/folders/1cKd8hksThK610GPtBQ3du8DEkwKywlAi?usp=sharing