15 matches found
EUVD-2019-2458
Malware in sbrugna...
CVE-2019-10658
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call...
Blind Command Injection Vulnerability in Grandstream Products
A Blind Command Injection Vulnerability exists in Grandstream devices: - The affected devices are: GWN7000 & GWN7610 - A blind command injection vulnerability exists in the 'filename' parameter. An unauthenticated, remote attacker can exploit this to bypass authentication and obtain a root shell....
Grandstream GWN7610 Command Injection Vulnerability
The Grandstream GWN7610 is a wireless access point device from Grandstream. A security vulnerability exists in the Grandstream GWN7610 version prior to 1.0.8.18. An attacker can exploit this vulnerability to execute illegal commands...
CVE-2019-10658
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call...
Cross site request forgery (csrf)
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...
Code injection
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call...
CVE-2019-10657
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...
CVE-2019-10658
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call...
CVE-2019-10657
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...
CVE-2019-10658
The CVE-2019-10658 issue affects Grandstream GWN7610 devices with firmware prior to 1.0.8.18. Affected component is the /ubus/controller.icc.update_nds_webroot_from_tmp API call, where an authenticated user can inject shell metacharacters via the filename parameter to execute arbitrary code on th...
CVE-2019-10658
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call...
CVE-2019-10657
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...
CVE-2019-10657
Grandstream GWN7000 (pre-1.0.6.32) and GWN7610 (pre-1.0.8.18) are affected by CVE-2019-10657. Remote authenticated users can disclose passwords via a /ubus/uci.apply config request, enabling potential information disclosure. Root cause details are not fully elaborated in the provided documents. A...
PT-2019-11971 · Grandstream · Grandstream Gwn7610
Name of the Vulnerable Software and Affected Versions: Grandstream GWN7610 versions prior to 1.0.8.18 Description: The issue allows remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a "/ubus/controller.icc.update_nds_webroot_from_tmp" API call,...