CVE-2019-12489

2019-11-26T15:15:00
ID CVE-2019-12489
Type cve
Reporter cve@mitre.org
Modified 2019-12-30T16:35:00

Description

An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.