Command Injection Vulnerability in Linksys E7350 by Linksys
CVE-2024-57223

Currently unrated

Key Information:

Vendor: Linksys
Vendor: CVE Published:; 10 January 2025

Summary

The Linksys E7350 version 1.1.00.032 is susceptible to a command injection vulnerability through the 'ifname' parameter in the 'apcli_wps_gen_pincode' function. This flaw could allow an attacker to execute arbitrary commands on the device, which may compromise the security of the network. It's crucial for users to assess their exposure and apply relevant security measures to safeguard their devices.

References

https://github.com/yanggao017/vuln/blob/main/Linksys/E735...

Timeline

Vulnerability published
Jan 10, 2025