The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote malicious users to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lifesize lifesize_room_appliance_software ls_rm1_3.5.3 |
||
lifesize lifesize_room_appliance_software 4.7.18 |