Описание
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.1.41 (исключая)
Одновременно
cpe:2.3:o:grandstream:gxv3370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:gxv3370:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 1.0.3.6 (исключая)
Одновременно
cpe:2.3:o:grandstream:wp820_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:wp820:-:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02417
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.
EPSS
Процентиль: 85%
0.02417
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-78