Remote Code Execution Vulnerability in Grandstream GXV3611IR_HD Devices
CVE-2019-10660
8.8HIGH
What is CVE-2019-10660?
The Grandstream GXV3611IR_HD devices prior to version 1.0.3.23 are susceptible to a remote code execution vulnerability. This flaw allows authenticated users to exploit shell metacharacters in the '/goform/systemlog?cmd=set logserver' field, potentially leading to the execution of arbitrary code. Proper input validation and sanitization measures are critical to mitigate this vulnerability.