CVE-2019-10660

Опубликовано: 30 мар. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.

Ссылки

https://github.com/scarvell/grandstream_exploits
Third Party Advisory
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1
Third Party Advisory
https://github.com/scarvell/grandstream_exploits
Third Party Advisory
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:*:*:*:*:*:*:*:*

Версия до 1.0.3.23 (исключая)

cpe:2.3:h:grandstream:gxv3611ir_hd:-:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02417

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-7348-qhjj-7r42