CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 3CVE-2022-43973 – Arbitrary code execution in Linksys WRT54GL
https://notcve.org/view.php?id=CVE-2022-43973
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root. Existe una vulnerabilidad de ejecución de código arbitrario en el router Linksys WRT54GL Wireless-G Broadband con firmware <= 4.30.18.006. La función Check_TSSI dentro del binario httpd utiliza entradas de usuario no validadas en la construcción de un comando del sistema. • https://youtu.be/73-1lhvJPNg https://youtu.be/RfWVYCUBNZ0 https://youtu.be/TeWAmZaKQ_w • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 3CVE-2022-43970 – Buffer overflow in Linksys WRT54GL
https://notcve.org/view.php?id=CVE-2022-43970
A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi. Existe una vulnerabilidad de desbordamiento del búfer en el router Linksys WRT54GL Wireless-G Broadband con firmware <= 4.30.18.006. Un desbordamiento de búfer en la región stack de la memoria en la función Start_EPI dentro del binario httpd permite a un atacante autenticado con privilegios de administrador ejecutar comandos arbitrarios en el sistema operativo Linux subyacente como root. • https://youtu.be/73-1lhvJPNg https://youtu.be/RfWVYCUBNZ0 https://youtu.be/TeWAmZaKQ_w • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-35572
https://notcve.org/view.php?id=CVE-2022-35572
On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction. • https://willgu.es/?p=76 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38555
https://notcve.org/view.php?id=CVE-2022-38555
Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. Linksys E1200 versión v1.0.04, es vulnerable a un desbordamiento del búfer por medio de la función ej_get_web_page_name. • http://linksys.com https://github.com/xxy1126/Vuln/tree/main/1 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38132 – Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands.
https://notcve.org/view.php?id=CVE-2022-38132
Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file in the device. This issue affects: Linksys MR8300 Router 1.0. Una vulnerabilidad de inyección de Comandos en el router Linksys MR8300 mientras es registrado en el servicio DDNS. • https://downloads.linksys.com/support/assets/releasenotes/MR8300_1.1.10.210186_Customer_ReleaseNotes.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •