14 matches found
EUVD-2019-2456
Malware in sbrugna...
CVE-2020-5756
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...
CVE-2019-10656
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply updatendswebrootfromtmp API call...
Grandstream GWN7000 Arbitrary OS Command Execution Vulnerability
The Grandstream GWN7000 is an enterprise-class multi-WAN Gigabit VPN router. An arbitrary OS command execution vulnerability exists in the Grandstream GWN7000 version 1.0.9.4 and earlier. The vulnerability stems from the fact that the product allows an authenticated remote user to modify the...
Design/Logic Flaw
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...
CVE-2020-5756
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router...
Grandstream GWN7000 Command Injection Vulnerability
The Grandstream GWN7000 is an enterprise-class VPN router from Grandstream. A security vulnerability exists in the Grandstream GWN7000 versions prior to 1.0.6.32. An attacker can exploit this vulnerability to execute illegal commands...
CVE-2019-10656
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply updatendswebrootfromtmp API call...
Code injection
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply updatendswebrootfromtmp API call...
CVE-2019-10657
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...
Cross site request forgery (csrf)
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...
CVE-2019-10656
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply updatendswebrootfromtmp API call...
CVE-2019-10656
Summary: CVE-2019-10656 affects Grandstream GWN7000 prior to 1.0.6.32. Affected component is the /ubus/uci.apply update_nds_webroot_from_tmp API call, where remote authenticated users can inject shell metacharacters in a filename to execute arbitrary code on the device. Public references across d...
PT-2019-11969 · Grandstream · Grandstream Gwn7000
Name of the Vulnerable Software and Affected Versions: Grandstream GWN7000 versions prior to 1.0.6.32 Description: The issue allows remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a "/ubus/uci.apply" update nds webroot from tmp API call...