Remote Command Execution Vulnerability in Belkin N750 Router
CVE-2018-1143

9.8CRITICAL

Key Information:

Vendor: Belkin
Status: N750 Db Wi-fi Dual-band N+ Gigabit Router (f9k1103)
Vendor: CVE Published:; 19 April 2018

What is CVE-2018-1143?

A security vulnerability in the Belkin N750 router allows remote unauthenticated users to execute commands as root. This is achieved by sending a specially crafted HTTP request to the 'twonky_command.cgi' endpoint. Users should ensure their firmware is up to date to mitigate this risk.

Affected Version(s)

N750 DB Wi-Fi Dual-Band N+ Gigabit Router (F9K1103) Firmware 1.10.22?

References

https://www.tenable.com/security/research/tra-2018-08

x_refsource_MISC

EPSS Score

47% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2018
Vulnerability Reserved
Dec 5, 2017