Melvin Mejia

**Name of the Vulnerable Software and Affected Versions** Easywall version 0.3.1 **Description** The software contains a flaw that permits authenticated remote command execution. This is due to a parameter injection weakness in the `/ports-save` API endpoint, allowing attackers to inject shell metacharacters and execute arbitrary commands on the server. The vulnerable parameter is not explicitly specified. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/ports-save` API endpoint.