| Titel | Linksys MR9600 firmware 2.0.6.206937 OS Command Injection |
|---|
| Beschreibung | An authenticated OS command injection vulnerability exists in Linksys MR9600 firmware 2.0.6.206937 in the SmartConnectConfigure workflow.
In SmartConnect.lua, the smartConnectConfigure function builds a shell command using os.execute(...) with user-controlled fields (e.g., configApSsid, configApPassphrase, srpLogin, srpPassword) concatenated directly into the command string without proper sanitization or strict allowlisting.
By sending crafted input to the JNAP action:
http://linksys.com/jnap/nodes/smartconnect/SmartConnectConfigure
an authenticated attacker can inject shell metacharacters and execute arbitrary commands on the device (root context in my test environment).
Impact: authenticated remote code execution and full device compromise.
Tested on: Linksys MR9600, firmware 2.0.6.206937.
|
|---|
| Quelle | ⚠️ https://github.com/utmost3/cve/issues/1 |
|---|
| Benutzer | wuuu (UID 93536) |
|---|
| Einreichung | 08.03.2026 08:11 (vor 1 Monat) |
|---|
| Moderieren | 21.03.2026 21:43 (14 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 352385 [Linksys MR9600 2.0.6.206937 SmartConnect.lua smartConnectConfigure erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|