CVE-2019-7384

Name of the Vulnerable Software and Affected Versions Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with firmware version ISCOMHT803G-U 2.0.0 140521 R4.1.47.002 or below

Description An authenticated shell command injection issue has been discovered. The fmgpon loid parameter is used in a system call inside the boa binary without user input validation, leading to authenticated code execution on the device.

Recommendations For Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with firmware version ISCOMHT803G-U 2.0.0 140521 R4.1.47.002 or below, consider restricting access to the boa binary or implementing input validation for the fmgpon loid parameter as a temporary mitigation measure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.