CVE-2023-31742: Command Injection
First published: Mon May 22 2023(Updated: )
There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linksys Wrt54gl Firmware | =4.30.18.006 | |
| Linksys WRT54GL | ||
| All of | ||
| Linksys Wrt54gl Firmware | =4.30.18.006 | |
| Linksys WRT54GL |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2023-31742.
What is the affected software?
The affected software is Linksys Wrt54gl Firmware with version 4.30.18.006.
How severe is this vulnerability?
This vulnerability has a severity score of 7.2 (high).
How does this vulnerability work?
This vulnerability allows an attacker with web management privileges to inject commands into certain post request parameters, which can result in command execution.
Is there a fix available for this vulnerability?
Currently, there is no official fix or patch available for this vulnerability.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/linksys
- canonical/linksys wrt54gl firmware
- version/linksys wrt54gl firmware/4.30.18.006
- canonical/linksys wrt54gl