CVE-2019-10661
https://notcve.org/view.php?id=CVE-2019-10661
On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. En Grandstream GXV3611IR_HD, en dispositivos con versiones anteriores a la 1.0.3.23, la cuenta root carece de una contraseña. • https://github.com/scarvell/grandstream_exploits https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1 • CWE-287: Improper Authentication •
CVE-2019-10660
https://notcve.org/view.php?id=CVE-2019-10660
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. Los dispositivos Grandstream GXV3611IR_HD, en versiones anteriores a la 1.0.3.23, permiten a los usuarios remotos ejecutar código arbitrario mediante metacaracteres shell en el campo "logserver" en /goform/systemlog?cmd=set. • https://github.com/scarvell/grandstream_exploits https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •