CVE-2019-10656
Published
CVSS v3
8.8
HIGH
CVSS v2
9
HIGH
Affected
1
PROJECT
Description
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.
GitHub