CVE-2019-25483

HIGH

8.4

Description

Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allowed commands like ping to execute unrestricted shell access.

Details CVE

Score CVSS v3.18.4

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie3/11/2026

Derniere modification3/12/2026

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-306

References

https://www.exploit-db.com/exploits/47149(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/comtrend-ar-5310-ge31-412ssg-c01-r10-a2pg039u-d24k-restricted-shell-escape(disclosure@vulncheck.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.