| عنوان | Linksys MR9600 firmware 2.0.6.206937 OS Command Injection |
|---|
| الوصف | An authenticated OS command injection vulnerability exists in Linksys MR9600 firmware 2.0.6.206937 in the SmartConnectConfigure workflow.
In SmartConnect.lua, the smartConnectConfigure function builds a shell command using os.execute(...) with user-controlled fields (e.g., configApSsid, configApPassphrase, srpLogin, srpPassword) concatenated directly into the command string without proper sanitization or strict allowlisting.
By sending crafted input to the JNAP action:
http://linksys.com/jnap/nodes/smartconnect/SmartConnectConfigure
an authenticated attacker can inject shell metacharacters and execute arbitrary commands on the device (root context in my test environment).
Impact: authenticated remote code execution and full device compromise.
Tested on: Linksys MR9600, firmware 2.0.6.206937.
|
|---|
| المصدر | ⚠️ https://github.com/utmost3/cve/issues/1 |
|---|
| المستخدم | wuuu (UID 93536) |
|---|
| ارسال | 08/03/2026 08:11 AM (1 شهر منذ) |
|---|
| الاعتدال | 21/03/2026 09:43 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 352385 [Linksys MR9600 2.0.6.206937 SmartConnect.lua smartConnectConfigure تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|