An issue exists on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to shell command injection via the des parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
systrome cumilon_isg-600c_firmware 1.1-r2.1 |
||
systrome cumilon_isg-600h_firmware 1.1-r2.1 |
||
systrome cumilon_isg-800w_firmware 1.1-r2.1 |