Command Injection Vulnerability in Linksys E7350 Router

CVE-2024-57224

Summary

The Linksys E7350 router, specifically in version 1.1.00.032, is susceptible to a command injection vulnerability. This flaw occurs through the 'ifname' parameter in the 'apcli_do_enr_pin_wps' function, potentially allowing an attacker to execute arbitrary commands on the affected device. This vulnerability may lead to unauthorized access and compromise of the router's integrity, impacting both the device and connected networks significantly.

References