CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 3CVE-2022-43971 – Arbitrary code execution in Linksys WUMC710
https://notcve.org/view.php?id=CVE-2022-43971
An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root. Existe una vulnerabilidad de ejecución de código arbitrario en Linksys WUMC710 Wireless-AC Universal Media Connector con firmware <= 1.0.02 (build3). La función do_setNTP dentro del binario httpd utiliza entradas de usuario no validadas en la construcción de un comando del sistema. • https://youtu.be/73-1lhvJPNg https://youtu.be/RfWVYCUBNZ0 https://youtu.be/TeWAmZaKQ_w • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 3CVE-2022-43973 – Arbitrary code execution in Linksys WRT54GL
https://notcve.org/view.php?id=CVE-2022-43973
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root. Existe una vulnerabilidad de ejecución de código arbitrario en el router Linksys WRT54GL Wireless-G Broadband con firmware <= 4.30.18.006. La función Check_TSSI dentro del binario httpd utiliza entradas de usuario no validadas en la construcción de un comando del sistema. • https://youtu.be/73-1lhvJPNg https://youtu.be/RfWVYCUBNZ0 https://youtu.be/TeWAmZaKQ_w • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-35572
https://notcve.org/view.php?id=CVE-2022-35572
On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction. • https://willgu.es/?p=76 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38555
https://notcve.org/view.php?id=CVE-2022-38555
Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. Linksys E1200 versión v1.0.04, es vulnerable a un desbordamiento del búfer por medio de la función ej_get_web_page_name. • http://linksys.com https://github.com/xxy1126/Vuln/tree/main/1 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38132 – Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands.
https://notcve.org/view.php?id=CVE-2022-38132
Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file in the device. This issue affects: Linksys MR8300 Router 1.0. Una vulnerabilidad de inyección de Comandos en el router Linksys MR8300 mientras es registrado en el servicio DDNS. • https://downloads.linksys.com/support/assets/releasenotes/MR8300_1.1.10.210186_Customer_ReleaseNotes.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •