CVE-2019-25483

HIGH

8.4

Description

Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allowed commands like ping to execute unrestricted shell access.

CVE Details

CVSS v3.1 Score8.4

SeverityHIGH

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published3/11/2026

Last Modified3/12/2026

Sourcenvd

Honeypot Sightings0

Weaknesses (CWE)

CWE-306

References

https://www.exploit-db.com/exploits/47149(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/comtrend-ar-5310-ge31-412ssg-c01-r10-a2pg039u-d24k-restricted-shell-escape(disclosure@vulncheck.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.