CVE-2019-25483

Name of the Vulnerable Software and Affected Versions Comtrend AR-5310 GE31-412SSG-C01 R10.A2pG039u.d24k

Description The device contains a restricted shell escape flaw. Local users can bypass command restrictions by utilizing the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when provided as arguments to permitted commands, such as ping, to achieve unrestricted shell access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.