Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.

Multiple Vulnerabilities in Grandstream devices.

   - The affected devices are: GAC2500, GVC3202, GXP2200,      GXV3275, GXV3240, GXV3611IR_HD, GXV3611IR_HD, GXV3611IR_HD,      UCM6204, GXV3370, & WP820.

   - A remote command execution vulnerability exists in the 'priority'      and 'logserver' parameters. An unauthenticated, remote attacker can exploit      them to bypass authentication and execute arbitrary commands      with root privileges. 

   - A blind command injection vulnerability exists in the      'file-backup' parameter. An unauthenticated, remote attacker can      exploit this to bypass authentication and obtain a root shell.

The remote host is running a Grandstream GXV3370 device, firmware version prior to 1.0.1.41 , and is therefore affected by a RCE attack vector that allows remote authenticated users to execute arbitrary code via shell metacharacters in a '/manager?action=getlogcat' priority field.

Multiple Vulnerabilities in Grandstream devices.

   - The affected devices are: GAC2500, GVC3202, GXP2200,      GXV3275, GXV3240, GXV3611IR_HD, GXV3611IR_HD, GXV3611IR_HD,      UCM6204, GXV3370, WP820, GWN7000, & GWN7610.

   - A remote command execution vulnerability exists in the 'priority'      and 'logserver' parameters. An unauthenticated, remote attacker can exploit      them to bypass authentication and execute arbitrary commands      with root privileges.

   - A blind command injection vulnerability exists in the 'filename'      and 'file-backup' parameters. An unauthenticated, remote      attacker can exploit this to bypass authentication and obtain a root shell.

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.7.x prior to 2.7.19 are affected by a flaw that may allow an attacker to execute arbitrary code. 

ID	Name	Product	Family	Severity
124173	Multiple Command Injection Vulnerabilities in Grandstream Products	Nessus	Misc.	critical
700498	Grandstream GXV3370 < 1.0.1.41 RCE	Nessus Network Monitor	IoT	high
123520	Multiple Command Injection Vulnerabilities in Grandstream Products	Nessus	Misc.	critical
700008	Moodle 2.7.x < 2.7.19 RCE	Nessus Network Monitor	CGI	critical

Detections

Analytics

CVE-2019-10659

high

Tenable Plugins

critical

high

critical

critical