PT-2019-11972 · Grandstream · Grandstream Gxv3370, Grandstream Wp820

Published: 2019-03-30 · Updated: 2023-03-01 · CVE-2019-10659

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Grandstream GXV3370 versions prior to 1.0.1.41
Grandstream WP820 versions prior to 1.0.3.6

Description

The issue allows remote authenticated users to execute arbitrary code via shell metacharacters in the "priority" field of the /manager?action=getlogcat API endpoint.

Recommendations

For Grandstream GXV3370 versions prior to 1.0.1.41, update to version 1.0.1.41 or later.
For Grandstream WP820 versions prior to 1.0.3.6, update to version 1.0.3.6 or later.

Exploit

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2019-10659

Affected Products

Grandstream Gxv3370
Grandstream Wp820