| Title | Linksys MR9600 firmware 2.0.6.206937 OS Command Injection |
|---|---|
| Description | An authenticated OS command injection vulnerability exists in Linksys MR9600 firmware 2.0.6.206937 in the SmartConnectConfigure workflow. In SmartConnect.lua, the smartConnectConfigure function builds a shell command using os.execute(...) with user-controlled fields (e.g., configApSsid, configApPassphrase, srpLogin, srpPassword) concatenated directly into the command string without proper sanitization or strict allowlisting. By sending crafted input to the JNAP action http://linksys.com/jnap/nodes/smartconnect/SmartConnectConfigure, an authenticated attacker can inject shell metacharacters and execute arbitrary commands on the device (root context in my test environment). Impact: authenticated remote code execution and full device compromise. Tested on: Linksys MR9600, firmware 2.0.6.206937. |
| Source | https://github.com/utmost3/cve/issues/1 |
| User | wuuu (UID 93536) |
| Submitted | 2026-03-08 08:11 AM (1 month ago) |
| Moderation | 2026-03-21 09:43 PM (14 days later) |
| Status | Accepted |
| VulDB Entry | 352385 [Linksys MR9600 2.0.6.206937 SmartConnect.lua smartConnectConfigure privilege escalation] |
| Points | 20 |
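The pattern the report describes, and the fix a firmware developer would apply, shown side by side as an added example. This is not code from SmartConnect.lua or from Linksys: the command template (`/usr/sbin/wifi_cfg`), the function names (`configure_vulnerable`, `configure_hardened`, `shquote`, `validate`) and the character-set rules are assumptions for illustration; only the four field names are taken from the report. Both builders return the command string instead of passing it to `os.execute` so the result can be inspected without running anything.

```lua
-- Added example, not code from the firmware. The command template and helper
-- names are hypothetical; the real command built by smartConnectConfigure is
-- not shown in the report. Both functions return the command string instead
-- of calling os.execute so the result can be inspected safely.

-- 1. Vulnerable pattern: user-controlled JNAP fields concatenated straight
--    into a shell command. Any shell metacharacter in a field is parsed by
--    /bin/sh, which os.execute always invokes.
local function configure_vulnerable(fields)
  return "/usr/sbin/wifi_cfg --ssid " .. fields.configApSsid
      .. " --key " .. fields.configApPassphrase
      .. " --login " .. fields.srpLogin
      .. " --password " .. fields.srpPassword
end

-- 2. Hardened pattern: reject anything outside a strict allowlist, then
--    single-quote every value so the remaining characters are passed to the
--    program literally. Both layers are needed because Lua's standard library
--    offers no exec-without-shell primitive.

-- Wrap s in single quotes; an embedded ' becomes '\'' (close, escaped quote,
-- reopen), which is the only character that needs treatment inside '...'.
local function shquote(s)
  return "'" .. s:gsub("'", "'\\''") .. "'"
end

-- Assumed per-field policy (length bounds and byte allowlist).
local RULES = {
  -- SSID: letters, digits, space, '.', '_', '-' only
  configApSsid       = { pattern = "^[%w%._%- ]+$", min = 1, max = 32 },
  -- WPA2 passphrase: 8-63 printable ASCII (0x20-0x7E); quoting covers the rest
  configApPassphrase = { pattern = "^[\32-\126]+$", min = 8, max = 63 },
  srpLogin           = { pattern = "^[%w%._%-@]+$",  min = 1, max = 64 },
  srpPassword        = { pattern = "^[\32-\126]+$", min = 8, max = 128 },
}

local function validate(fields)
  for name, rule in pairs(RULES) do
    local v = fields[name]
    if type(v) ~= "string" then
      return nil, name .. ": missing"
    end
    if #v < rule.min or #v > rule.max then
      return nil, name .. ": bad length"
    end
    if not v:match(rule.pattern) then
      return nil, name .. ": disallowed characters"
    end
  end
  return true
end

local function configure_hardened(fields)
  local ok, err = validate(fields)
  if not ok then
    return nil, err  -- reject the request; never build the command
  end
  return "/usr/sbin/wifi_cfg --ssid " .. shquote(fields.configApSsid)
      .. " --key " .. shquote(fields.configApPassphrase)
      .. " --login " .. shquote(fields.srpLogin)
      .. " --password " .. shquote(fields.srpPassword)
end

-- Constructed request bodies: one benign, one carrying a shell metacharacter
-- in the SSID and a single quote in the password.
local benign = {
  configApSsid = "HomeNet", configApPassphrase = "correct horse battery",
  srpLogin = "admin", srpPassword = "S3cret'Pass!",
}
local hostile = {
  configApSsid = "HomeNet; id > /tmp/out", configApPassphrase = "correct horse battery",
  srpLogin = "admin", srpPassword = "S3cret'Pass!",
}

print(configure_vulnerable(hostile))  -- ';' ends the intended command; the rest runs as root
print(configure_hardened(benign))     -- every value single-quoted, the ' in the password escaped
print(configure_hardened(hostile))    -- rejected by validate before any command is built
```

The allowlist is the primary control: a passphrase field must accept printable ASCII, so it can legitimately contain `;`, `|`, `$(` and `'`, and for that field only the quoting keeps the value out of the shell's grammar. Run with a stock Lua 5.x interpreter; nothing is executed, since both builders only return strings.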