A vulnerability has been found in Linksys WUMC710 up to 1.0.02 and classified as critical. This vulnerability affects the function do_setNTP of the file /setNTP.cgi of the component httpd. The manipulation with an unknown input leads to a os command injection vulnerability. The CWE definition for the vulnerability is CWE-78. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root.

The weakness was disclosed 01/10/2023. The advisory is shared for download at youtu.be. This vulnerability was named CVE-2022-43971 since 10/28/2022. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 01/10/2023). The MITRE ATT&CK project declares the attack technique as T1202.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Vendor

• Linksys

Name

• WUMC710

Version

• 1.0.02

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

Video

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion