Vulnerability Details CVE-2019-10660
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2019-10660
-
cpe:2.3:h:grandstream:gxv3611ir_hd:-
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.2.24
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.2.43
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.2.50
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.2.55
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.2.58
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.2.62
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.2.67
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.2.69
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.3.0
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.3.13
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.3.14
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.3.17
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.3.21
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.3.5
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.3.6
-
cpe:2.3:o:grandstream:gxv3611ir_hd_firmware:1.0.3.9