Command Injection Flaw in Linksys E8450 Router by Linksys
CVE-2024-57539

8.2HIGH

Key Information:

Vendor: Linksys
Status: E8450
Vendor: CVE Published:; 21 January 2025

Summary

A command injection vulnerability exists in the Linksys E8450 Router, specifically affecting version 1.2.00.360516. This issue arises from improper handling of user input through the userEmail parameter, potentially allowing attackers to execute arbitrary commands on the device. Exploitation of this vulnerability could compromise the integrity and security of the router, highlighting the importance of applying patches and following security best practices.

References

https://github.com/Wood1314/Linksys_E8450_vul/blob/main/3...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Jan 9, 2025