First published: Tue May 23 2023
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the POST request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, and ttcp_size in the httpd's Start_EPI() function, thereby gaining shell privileges.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linksys E2000 Firmware | =1.0.06 | |
Linksys E2000 | | |
CVE-2023-31741 is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06.
If an attacker gains web management privileges, they can inject commands into specific POST request parameters handled by the router's httpd Start_EPI() function.
CVE-2023-31741 has a severity rating of 7.2, which is considered high.
An attacker can exploit CVE-2023-31741 by gaining web management privileges and injecting malicious commands into the affected router's POST request parameters.
As of now, there is no official fix available for CVE-2023-31741. It is recommended to update the router's firmware if possible and restrict access to the web management interface.