Linksys E5600 v1.1.0.26 Command Injection Vulnerability
CVE-2024-33789

9.8CRITICAL

Key Information:

Vendor: Linksys
Status: E5600 Firmware
Vendor: CVE Published:; 3 May 2024

🔔 Create Linksys Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2024-33789?

A security weakness has been identified in the Linksys E5600 router, which allows for command injection through the 'ipurl' parameter at the /API/info endpoint. This vulnerability could enable an attacker to execute arbitrary commands on the device, potentially compromising network security and exposing sensitive information.

News Articles

GBHackers on Security

CVE-2024-33789 CVE-2024-33788

Linksys Router Flaw Let Attackers Perform Command Injection, PoC Released

Linksys routers were discovered with two vulnerabilities which had the CVEs CVE-2024-33788 and CVE-2024-33789. These vulnerabilities were

thmubnail image

References

https://github.com/ymkyu/CVE/tree/main/CVE-2024-33789

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by GBHackers on Security
May 6, 2024
Vulnerability published
May 3, 2024

CVE-2024-33789 Data

.