GHSA-489r-v3h6-c72qHighCVSS 8.8

The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG...

Published
May 5, 2026
Last Modified
June 15, 2026

🔗 CVE IDs covered (1)

📋 Description

The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.

🔗 References (7)