1 results (0.004 seconds)
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-10659
https://notcve.org/view.php?id=CVE-2019-10659
30 Mar 2019 — Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. Los dispositivos Grandstream GXV3370, en versiones anteriores a la 1.0.1.41, y Grandstream WP820, en versiones anteriores a la 1.0.3.6, permite a los usuarios remotos autenticados ejecutar código arbitrario mediante metacaracteres shell en un campo "priority" en /manager?action=getlogcat. • https://github.com/scarvell/grandstream_exploits • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •