Отправить #584366: Linksys RE6500、RE6250、RE6300、RE6350、RE7000、RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command InjectionИнформация

НазваниеLinksys RE6500、RE6250、RE6300、RE6350、RE7000、RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection
ОписаниеWe found an command Injection vulnerability in Linksys router with firmware which was released recently, allows remote attackers to execute arbitrary OS commands from a crafted request.In RP_UpgradeFWByBBS function, type、ch、ssidhex、security、extch、pwd、mode、ip、nm、gw is directly passed by the attacker, so we can control the type、ch、ssidhex、security、extch、pwd、mode、ip、nm、gw to attack the OS.
Источник⚠️ https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_7/7.md
Пользователь
 pjqwudi (UID 85106)
Представление25.05.2025 04:42 (1 Год назад)
Модерация01.06.2025 19:06 (8 days later)
Статуспринято
Запись VulDB310783 [Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 до 1.2.07.001 RP_UpgradeFWByBBS type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw эскалация привилегий]
Баллы20

ПредыдущийОбзорДалее

Want to stay up to date on a daily basis?

Enable the mail alert feature now!