
Gbrls

#22584 of 53,624
10 Total CVSS
Vulnerabilities · 1
PT-2023-2850
10
2023-05-23
Parks · Parks Fiberlink 210 · CVE-2023-33617
**Name of the Vulnerable Software and Affected Versions**

Parks Fiberlink 210 firmware version V2.1.14 X000

**Description**

An OS Command Injection issue exists because special elements used in an operating system command are not neutralized. The vulnerable input is the `target addr` parameter of the `/boaform/admin/formPing` endpoint; through it, an attacker can execute arbitrary commands on the server.

**Recommendations**

For Parks Fiberlink 210 firmware version V2.1.14 X000, as a temporary workaround, consider disabling the `/boaform/admin/formPing` endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `target addr` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.