OS Command Injection Vulnerability in Linksys AX3200
CVE-2022-38841

8.8HIGH

Key Information:

Vendor: Linksys
Status: E8450 Firmware
Vendor: CVE Published:; 16 April 2023

Summary

The Linksys AX3200 version 1.1.00 has a vulnerability that allows authenticated users to perform OS command injection via shell metacharacters on the diagnostics traceroute page. This weakness can be exploited to execute arbitrary commands on the system, potentially compromising the integrity and security of the affected device. It highlights a significant security concern for users due to the possibility of unauthorized access and manipulation of network functionality.

References

https://drive.google.com/drive/folders/1rAa4zzJPwMop0AEMi...

http://packetstormsecurity.com/files/171433/Linksys-AX320...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2023
Vulnerability Reserved
Aug 29, 2022