EUVD-2019-2458

Malware in sbrugna...

CVE-2019-10658

Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.updatendswebrootfromtmp updatendswebrootfromtmp API call...

Grandstream GWN7610 Command Injection Vulnerability

The Grandstream GWN7610 is a wireless access point device from Grandstream. A security vulnerability exists in the Grandstream GWN7610 version prior to 1.0.8.18. An attacker can exploit this vulnerability to execute illegal commands...

Code injection

Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.updatendswebrootfromtmp updatendswebrootfromtmp API call...

CVE-2019-10658

Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.updatendswebrootfromtmp updatendswebrootfromtmp API call...

CVE-2019-10658

Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.updatendswebrootfromtmp updatendswebrootfromtmp API call...

Cross site request forgery (csrf)

Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...

PT-2019-11971 · Grandstream · Grandstream Gwn7610

Name of the Vulnerable Software and Affected Versions: Grandstream GWN7610 versions prior to 1.0.8.18 Description: The issue allows remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a "/ubus/controller.icc.update nds webroot from tmp" API call,...