Comtrend · Ar-5310 · CVE-2019-25483
**Name of the Vulnerable Software and Affected Versions**
Comtrend AR-5310 GE31-412SSG-C01 R10.A2pG039u.d24k
**Description**
The device contains a restricted shell escape flaw. Local users can bypass command restrictions by utilizing the command substitution operator `$( )`. Attackers can inject arbitrary commands through the `$( )` syntax when provided as arguments to permitted commands, such as `ping`, to achieve unrestricted shell access.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.