GHSA-48q2-ffv8-pgrwHighCVSS 8.8
The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and...
🔗 CVE IDs covered (1)
📋 Description
The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.