CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22543
https://notcve.org/view.php?id=CVE-2024-22543
27 Feb 2024 — An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function. Se descubrió un problema en Linksys Router E1700 1.0.04 (compilación 3), que permite a atacantes autenticados escalar privilegios a través de una solicitud GET manipulada al URI /goform/* o mediante la función ExportSettings. • https://mat4mee.notion.site/Leaked-SessionID-can-lead-to-authentication-bypass-on-the-Linksys-Router-E1700-f56f9c4b15e7443fa237bd1b101a18d2 • CWE-613: Insufficient Session Expiration •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22544
https://notcve.org/view.php?id=CVE-2024-22544
27 Feb 2024 — An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function. Se descubrió un problema en Linksys Router E1700 versión 1.0.04 (compilación 3), que permite a atacantes autenticados ejecutar código arbitrario a través de la función setDateTime. • https://mat4mee.notion.site/Remote-Code-Execution-RCE-on-the-Linksys-Router-E1700-765c9bbf6a7f4171b670bc778bf9b005 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •