Xerod

**Name of the Vulnerable Software and Affected Versions** ALTICE LABS / SFR France GR140DG (affected versions not specified) ALTICE LABS / SFR France GR140IG (affected versions not specified) **Description** The ping diagnostic handler in the '/bin/httpd clientside' endpoint allows authenticated remote attackers to execute arbitrary commands with root privileges. This occurs because unsanitized user input provided through the `destAddr` parameter is inserted into a `system()` call, enabling shell command substitution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALTICE LABS / SFR France GR140DG (affected versions not specified) ALTICE LABS / SFR France GR140IG (affected versions not specified) **Description** The traceroute diagnostic handler in the '/bin/httpd clientside' endpoint of the affected devices inserts unsanitized user input into a `system()` call. This allows authenticated remote attackers to execute arbitrary commands with root privileges by using shell command substitution through the `destAddr` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.