First published: Mon Jan 09 2023
An arbitrary code execution vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root.
Credit: trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linksys Wumc710 Firmware | <1.0.02 | |
Linksys Wumc710 Firmware | =1.0.02 | |
Linksys Wumc710 Firmware | =1.0.02-build3 | |
Linksys WUMC710 | | |
The severity of CVE-2022-43971 is high with a severity value of 7.2.
The affected software for CVE-2022-43971 is Linksys Wumc710 Firmware version 1.0.02 (build3) and below.
CVE-2022-43971 allows an authenticated attacker with administrator access to execute arbitrary code on the affected device.
No, Linksys WUMC710 is not vulnerable to CVE-2022-43971.
To fix CVE-2022-43971, update the firmware of the Linksys WUMC710 to version 1.0.03 or later.
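The root cause given in the description, user input reaching a system command without validation, is closed by allowlisting the value and running the helper without a shell. The following is an added example, not the firmware's code or the vendor's fix; it assumes the input is an NTP server host, and the function names and `NTP_CLIENT_PATH` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NTP_CLIENT_PATH "/path/to/ntp-client"   /* placeholder, not from the advisory */

/* Allowlist check: hostname or dotted IPv4 only (ASCII letters, digits,
 * '-', '.'), labels 1-63 chars, total <= 253. Returns 1 if valid, else 0. */
int ntp_server_is_valid(const char *s)
{
    size_t len, i, label = 0;

    if (s == NULL) return 0;
    len = strlen(s);
    if (len == 0 || len > 253) return 0;
    for (i = 0; i < len; i++) {
        char c = s[i];
        if (c == '.') {
            /* no empty label, no label ending in '-' */
            if (label == 0 || s[i - 1] == '-') return 0;
            label = 0;
        } else if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || c == '-') {
            if (label == 0 && c == '-') return 0;  /* would parse as an option */
            if (++label > 63) return 0;
        } else {
            return 0;  /* shell metacharacters, spaces, quotes, non-ASCII */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Build an argument vector for execv(): the value stays one argv element
 * and is never spliced into a string handed to system() or popen(). */
int build_ntp_argv(const char *server, const char *argv[3])
{
    if (!ntp_server_is_valid(server)) return -1;
    argv[0] = NTP_CLIENT_PATH;
    argv[1] = server;
    argv[2] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "pool.ntp.org", "192.0.2.10", "time.example.net;reboot" };
    for (size_t i = 0; i < 3; i++)
        printf("%-26s %s\n", samples[i], ntp_server_is_valid(samples[i]) ? "accept" : "reject");
    return 0;
}
```
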