Amri Amine

**Name of the Vulnerable Software and Affected Versions** Comtrend AR-5310 GE31-412SSG-C01 R10.A2pG039u.d24k **Description** The device contains a restricted shell escape flaw. Local users can bypass command restrictions by utilizing the command substitution operator `$( )`. Attackers can inject arbitrary commands through the `$( )` syntax when provided as arguments to permitted commands, such as `ping`, to achieve unrestricted shell access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.