History: Aug 24, 2022 - 12:15 a.m.

CVE-2022-38132

2022-08-24 00:15:08
CWE-78
Cybellum
web.nvd.nist.gov

Tags: cve-2022-38132, linksys mr8300, router, command injection, vulnerability, ddns service, os commands

CVSS3: 8.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 9
Confidence: High

EPSS: 0
Percentile: 13.1%

Command injection vulnerability in the Linksys MR8300 router during registration to the DDNS service. By specifying a username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, download of an arbitrary script file, and eventually execution of that file on the device. This issue affects: Linksys MR8300 Router 1.0.

Affected configurations

Nvd
Node: linksys mr8300_firmware (Match 1.0) AND linksys mr8300 (Match -)

Vendor | Product | Version | CPE
linksys | mr8300_firmware | 1.0 | cpe:2.3:o:linksys:mr8300_firmware:1.0:*:*:*:*:*:*:*
linksys | mr8300 | - | cpe:2.3:h:linksys:mr8300:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "MR8300 Router",
    "vendor": "Linksys",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware 1.0"
      }
    ]
  }
]
