CVE-2019-10660

Name of the Vulnerable Software and Affected Versions Grandstream GXV3611IR HD version 1.0.3.23 and earlier

Description The issue allows remote authenticated users to execute arbitrary code via shell metacharacters in the "/goform/systemlog?cmd=set logserver" field. This is a remote code execution issue that can be exploited by authenticated users.

Recommendations For Grandstream GXV3611IR HD version 1.0.3.23 and earlier, update to version 1.0.3.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/goform/systemlog" API endpoint to minimize the risk of exploitation. Avoid using the logserver field in the affected API endpoint until the issue is resolved.