Blind Command Injection Vulnerability in Grandstream Products
Critical Nessus Plugin ID 123796
SynopsisThe remote device is vulnerable and can be compromised
DescriptionA Blind Command Injection Vulnerability exists in Grandstream devices:
- The affected devices are: GWN7000 & GWN7610
- A blind command injection vulnerability exists in the 'filename' parameter. An unauthenticated, remote attacker can exploit this to bypass authentication and obtain a root shell.
SolutionUpdate to the fixed version as per the advisory.