CVE-2024-42633

A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges.
Configurations

Configuration 1

AND
cpe:2.3:o:linksys:e1500_firmware:1.0.06.001:*:*:*:*:*:*:*
cpe:2.3:h:linksys:e1500:-:*:*:*:*:*:*:*

History

20 Aug 2024, 16:18

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 8.8
References | () https://github.com/goldds96/Report/blob/main/Linksys/E1500/CI.md - | () https://github.com/goldds96/Report/blob/main/Linksys/E1500/CI.md - Exploit
Summary | | (es) A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges.
First Time | | Linksys e1500 Firmware; Linksys; Linksys e1500
CPE | | cpe:2.3:o:linksys:e1500_firmware:1.0.06.001:*:*:*:*:*:*:*; cpe:2.3:h:linksys:e1500:-:*:*:*:*:*:*:*
CWE | | CWE-78

19 Aug 2024, 16:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-08-19 16:15

Updated : 2024-08-20 16:18


NVD link : CVE-2024-42633

Mitre link : CVE-2024-42633

CVE.ORG link : CVE-2024-42633


Products Affected

linksys

  • e1500
  • e1500_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')