2 results (0.009 seconds)

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. En Grandstream GXV3611IR_HD, en dispositivos con versiones anteriores a la 1.0.3.23, la cuenta root carece de una contraseña. • https://github.com/scarvell/grandstream_exploits https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1 • CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. Los dispositivos Grandstream GXV3611IR_HD, en versiones anteriores a la 1.0.3.23, permiten a los usuarios remotos ejecutar código arbitrario mediante metacaracteres shell en el campo "logserver" en /goform/systemlog?cmd=set. • https://github.com/scarvell/grandstream_exploits https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •