A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.CreditsAndrea PalancaNozomi Networks Security Research TeamReferenceshttps://cert.vde.com/en/advisories/VDE-2024-039
