CVE-2019-10657

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Grandstream GWN7000 versions prior to 1.0.6.32 Grandstream GWN7610 versions prior to 1.0.8.18

Description The issue allows remote authenticated users to discover passwords via a "/ubus/uci.apply" config request. This could potentially lead to unauthorized access to sensitive information.

Recommendations For Grandstream GWN7000 versions prior to 1.0.6.32, update to version 1.0.6.32 or later. For Grandstream GWN7610 versions prior to 1.0.8.18, update to version 1.0.8.18 or later.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2019-10657

Affected Products

Grandstream Gwn7000

Grandstream Gwn7610

CVE-2019-10657

Weakness Enumeration

Related Identifiers

Affected Products

References · 4