Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
8.8CVSS
9.2AI Score
0.002EPSS
On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password.
9.8CVSS
9.4AI Score
0.002EPSS