Command Injection Vulnerability in Linksys E2000 Router Firmware
CVE-2023-31741

7.2HIGH

Key Information:

Vendor: Linksys
Status: E2000 Firmware
Vendor: CVE Published:; 23 May 2023

What is CVE-2023-31741?

A command injection vulnerability exists in the Linksys E2000 router firmware version 1.0.06. When an attacker gains unauthorized web management access, they can exploit this flaw by injecting malicious commands into the post request parameters including wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, and ttcp_size via the httpd Start_EPI() function. This allows the attacker to execute commands with shell privileges, potentially compromising the router and the network it serves.

References

http://linksys.com

https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-3...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2023
Vulnerability Reserved
Apr 29, 2023