2 matches found
CVE-2019-10658
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.updatendswebrootfromtmp updatendswebrootfromtmp API call...
CVE-2019-10658
The CVE-2019-10658 issue affects Grandstream GWN7610 devices with firmware prior to 1.0.8.18. Affected component is the /ubus/controller.icc.update_nds_webroot_from_tmp API call, where an authenticated user can inject shell metacharacters via the filename parameter to execute arbitrary code on th...