Command Injection Vulnerability in Linksys WRT54GL Router
CVE-2023-31742

7.2HIGH

Key Information:

Vendor: Linksys
Status: Wrt54gl Firmware
Vendor: CVE Published:; 22 May 2023

Summary

A command injection vulnerability exists in the Linksys WRT54GL router with firmware version 4.30.18.006. When a malicious actor gains web management access, they can exploit this vulnerability by injecting commands through specific POST request parameters, potentially leading to unauthorized shell access. This can pose significant security risks as it may allow attackers to alter the router's configuration or execute arbitrary commands.

References

http://linksys.com

https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-3...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 22, 2023
Vulnerability Reserved
Apr 29, 2023