15 matches found
EUVD-2019-2458
Malware in sbrugna...
CVE-2019-10658
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call...
Blind Command Injection Vulnerability in Grandstream Products
A Blind Command Injection Vulnerability exists in Grandstream devices: - The affected devices are: GWN7000 & GWN7610 - A blind command injection vulnerability exists in the 'filename' parameter. An unauthenticated, remote attacker can exploit this to bypass authentication and obtain a root shell....
Grandstream GWN7610 Command Injection Vulnerability
The Grandstream GWN7610 is a wireless access point device from Grandstream. A security vulnerability exists in the Grandstream GWN7610 version prior to 1.0.8.18. An attacker can exploit this vulnerability to execute illegal commands...
Code injection
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call...
CVE-2019-10658
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call...
CVE-2019-10658
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call...
CVE-2019-10657
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...
CVE-2019-10657
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...
Cross site request forgery (csrf)
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...
CVE-2019-10658
The CVE-2019-10658 issue affects Grandstream GWN7610 devices with firmware prior to 1.0.8.18. Affected component is the /ubus/controller.icc.update_nds_webroot_from_tmp API call, where an authenticated user can inject shell metacharacters via the filename parameter to execute arbitrary code on th...
CVE-2019-10658
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call...
CVE-2019-10657
Grandstream GWN7000 (pre-1.0.6.32) and GWN7610 (pre-1.0.8.18) are affected by CVE-2019-10657. Remote authenticated users can disclose passwords via a /ubus/uci.apply config request, enabling potential information disclosure. Root cause details are not fully elaborated in the provided documents. A...
CVE-2019-10657
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...
PT-2019-11971 · Grandstream · Grandstream Gwn7610
Name of the Vulnerable Software and Affected Versions: Grandstream GWN7610 versions prior to 1.0.8.18 Description: The issue allows remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a "/ubus/controller.icc.update_nds_webroot_from_tmp" API call,...