exploitDog

CVE-2023-31741

Опубликовано: 23 мая 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.

Ссылки

http://linksys.com
Product
https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31741/Linksys_E2000_RCE_2.pdf
Exploit
Mitigation
Third Party Advisory
http://linksys.com
Product
https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31741/Linksys_E2000_RCE_2.pdf
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:linksys:e2000_firmware:1.0.06:*:*:*:*:*:*:*

cpe:2.3:h:linksys:e2000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00456

Низкий

7.2 High

CVSS3

Дефекты

CWE-77

CWE-77

Связанные уязвимости

GHSA-vwwm-g3pw-3q86

CVSS3: 7.2

github

больше 2 лет назад

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.

EPSS

Процентиль: 63%

0.00456

Низкий

7.2 High

CVSS3

Дефекты

CWE-77

CWE-77