exploitDog

CVE-2023-31740

Опубликовано: 23 мая 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges.

Ссылки

http://linksys.com
Product
https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31740/Linksys_E2000_RCE.pdf
Exploit
Mitigation
Third Party Advisory
http://linksys.com
Product
https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31740/Linksys_E2000_RCE.pdf
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:linksys:e2000_firmware:1.0.06:*:*:*:*:*:*:*

cpe:2.3:h:linksys:e2000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00456

Низкий

7.2 High

CVSS3

Дефекты

CWE-77

CWE-77

Связанные уязвимости

GHSA-crx4-hwqf-949w

CVSS3: 7.2

github

больше 2 лет назад

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges.

EPSS

Процентиль: 63%

0.00456

Низкий

7.2 High

CVSS3

Дефекты

CWE-77

CWE-77