CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10661
https://notcve.org/view.php?id=CVE-2019-10661
30 Mar 2019 — On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. En Grandstream GXV3611IR_HD, en dispositivos con versiones anteriores a la 1.0.3.23, la cuenta root carece de una contraseña. • https://github.com/scarvell/grandstream_exploits • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10660
https://notcve.org/view.php?id=CVE-2019-10660
30 Mar 2019 — Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. Los dispositivos Grandstream GXV3611IR_HD, en versiones anteriores a la 1.0.3.23, permiten a los usuarios remotos ejecutar código arbitrario mediante metacaracteres shell en el campo "logserver" en /goform/systemlog?cmd=set. • https://github.com/scarvell/grandstream_exploits • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •