This vulnerability affects the ping diagnostic handler in /bin/httpd_clientside on specific ALTICE LABS / SFR France fibre CPE/Router/Gateway models (GR140DG and GR140IG). The handler inserts user-supplied input directly into a system() call without sanitization, enabling authenticated remote attackers to execute arbitrary commands with root privileges by exploiting shell command substitution in the destAddr parameter. The vulnerability was published on 2026-05-05, but no CVSS score or remediation details have been provided.

Successful exploitation allows authenticated remote attackers to execute arbitrary commands as root on the affected devices. This could lead to full compromise of the device, including unauthorized control over network traffic and device configuration. No known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected diagnostic functionality to trusted users only and monitor for suspicious activity related to the destAddr parameter. Avoid exposing the vulnerable interface to untrusted networks.