Linksys Router Vulnerability Allows Privilege Escalation via GET Request
CVE-2024-22543

Currently unrated

Key Information:

Vendor: Linksys
Status: E1700 Firmware
Vendor: CVE Published:; 27 February 2024

Summary

An identified vulnerability in the Linksys Router E1700 version 1.0.04 (build 3) permits authenticated attackers to escalate privileges. This occurs through the manipulation of crafted GET requests directed at the /goform/* URI or via the ExportSettings function. The flaw could potentially allow unauthorized changes to router settings, increasing the risk of unauthorized network access and exploitation.

References

https://mat4mee.notion.site/Leaked-SessionID-can-lead-to-...

Timeline

Vulnerability published
Feb 27, 2024
Vulnerability Reserved
Jan 11, 2024