PT-2019-18568 · Systrome · Systrome Cumilon

Published: 2019-03-17 · Updated: 2023-02-03 · CVE-2019-7383

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Systrome Cumilon devices with firmware V1.1-R2.1 TRUNK-20181105.bin

Description: A shell command injection issue occurs when editing the description of an ISP file due to improper validation of user input in the file network/isp/isp update edit.php. This leads to shell command injection via the des parameter.

Recommendations: For devices with firmware V1.1-R2.1 TRUNK-20181105.bin, consider restricting access to the network/isp/isp update edit.php file to minimize the risk of exploitation. Avoid using the des parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2019-7383

Affected Products: Systrome Cumilon